After LinkedIn, Tumblr, Myspace, and VK, Twitter joins its social comrades: a Russian hacker going by the name of “Tessa88” is apparently selling a database of 32 million records on the Dark Web for a mere 10 bitcoins (around 5,800 dollars).
But unlike the previous LinkedIn breach – and the hacking of Mark Z. – this one has nothing to do with sloppy password management, according to LeakedSource. Instead, it’s very likely that the credentials came from malware-infected browsers, which would have sent every saved username and password to the hacker.
The findings are backed by Twitter Security Officer Michael Coates on his Twitter account:
We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached.
— Michael Coates ஃ (@_mwc) June 9, 2016
What to do
The attack demonstrates the power of malware to steal your identity. Until you remove the malware, simply changing the password won’t make you more secure.
- Double scan for malware.
- Make this a regular habit.
- Check to see if your email has been used in any hacking instances.
- Really, really get rid of that 123456 password. PLEASE!
- Switch to 2-factor-authentication whenever possible.
If you are one of those people who loves to see statistics, be prepared for yet another “most commonly used passwords in this breach” table. Here you go – the top five commonly used passwords in the batch of breached accounts. To see a more extensive list, take a look at LeakedSource: