A hacker calling himself Tessa88 is Selling 33 million Twitter Logins on Dark Web with clear-text passwords!
We recently informed you about the massive data breach at LinkedIn and MySpace in which millions of user accounts, plain text passwords and email addresses were stolen by the hacker. Now, we have learned that around 33 million Twitter log-ins are being sold at Dark Web for 10 bitcoins, which would roughly be £4,000.
LeakedSource was provided access to the stolen data by the Russian hacker using the nick Tessa88 while the data is being sold by the same person who was behind the massive data breaches that recently took place and shook the web security fraternity.
It is being reported that 32,888,300 Twitter accounts are up for sale. However, LeakedSource believes that Twitter accounts could not be part of the database simply because Twitter does not store passwords in plain text format.
“Passwords were stolen directly from consumers, therefore, they are in plain text with no encryption or hashing. Remember that Twitter probably doesn’t store the passwords in plain text. Chrome and Firefox did” writes LeakedSource.
LeakedSource has verified that the credentials are authentic, ‘real and valid.’ In fact, the website maintains that “out of 15 users we asked, all 15 verified their passwords.”
“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites, including Twitter,” stated leakedSource.
LeakedSource has also stated that Mark Zuckerberg’s account is not included in the leaked credentials database. The news was firstly published by ZDNet. We couldn’t get any response from Twitter officials as of now but according to a tweet posted by Michael Coates, the company’s chief security officer, Twitter hasn’t been hacked.
Coates tweeted on Thursday that the company has “investigated reports of Twitter usernames/passwords on the dark web,” and that the company is confident that their systems “have not been breached.”
“We securely store all passwords with bcrypt. We are working with @leakedsource to obtain this info and take additional steps to protect users,” explained Coates.
We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.
— Michael Coates (@_mwc) June 9, 2016
To help keep people safe and accounts protected, we’ve been checking our data against what’s been shared from recent password leaks.
— Twitter Support (@TwitterSupport) June 6, 2016
List of 20 most uses passwords and email domains on Twitter: