32 Million Twitter Passwords on the Dark Web?

What happened?

After LinkedIn, Tumblr, Myspace, and VK, Twitter joins its social comrades: a Russian hacker going by the name of “Tessa88” is apparently selling a database of 32 million records on the Dark Web for a mere 10 bitcoins (around 5,800 dollars).

But unlike the previous LinkedIn breach – and the hacking of Mark Z. – this one has nothing to do with sloppy password management, according to LeakedSource. Instead, it’s very likely that the credentials came from malware-infected browsers, which would have sent every saved username and password to the hacker.

The findings are backed by Twitter Security Officer Michael Coates on his Twitter account:

What to do

The attack demonstrates the power of malware to steal your identity. Until you remove the malware, simply changing your password won’t make you more secure.

  1. Double scan for malware.
  2. Make this a regular habit.
  3. Check to see if your email has been used in any hacking instances.
  4. Really, really get rid of that 123456 password. PLEASE!
  5. Switch to 2-factor authentication whenever possible.

Interesting tidbits

If you are one of those people who love to see statistics, be prepared for yet another “most commonly used passwords in this breach” table. Here you go – the top five most commonly used passwords in the batch of breached accounts. To see a more extensive list, take a look at LeakedSource:

| Rank | Password  | Frequency |
|------|-----------|-----------|
| 1    | 123456    | 120,417   |
| 2    | 123456789 | 32,775    |
| 3    | qwerty    | 22,770    |
| 4    | password  | 17,471    |
| 5    | 1234567   | 14,401    |

PR & Social Media Manager @ Avira | Gamer. Geek. Tech addict.