32 Million Twitter account credentials offered for sale


A hacker is offering for sale more than 32 million Twitter account credentials with plans to sell the account details on the Dark Web.

Recent news of massive data breaches suffered by IT giants LinkedIn, MySpace, Tumblr, and VK.com shocked the security industry. Millions of login credentials are available for sale in the principal black markets. Experts believe that the hacker behind the leaks is a Russian who now claims to be in possession of 32 million Twitter passwords and has offered them in the criminal underground.

The alleged Russian hacker is attempting to sell 32 million Twitter passwords for 10 Bitcoins (over $5,800). In this case, too, I invite you to take a look at LeakedSource, a service specialized in data breaches that indexes leaked login credentials from stolen dumps.

“Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias “Tessa88@exploit.im”, and has given us permission to name them in this blog.” reported LeakedSource.

The records include the username, an email address, sometimes a second email address, and plain-text passwords for more than 32 Million Twitter accounts.
Twitter promptly denied that the data come from a security breach suffered by the company.

According to LeakedSource, the data set contains 32,888,300 records; its experts believe that the data was obtained through a malware-based attack.

“We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords.” continues LeakedSource. “The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter.”

Below are the reasons provided by LeakedSource:

  • The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example.
  • There was a very significant amount of users with the password “<blank>” and “null”. Some browsers store passwords as “<blank>” if you don’t enter a password when you save your credentials.
  • The top email domains don’t match up to a full database leak, more likely the malware was spread to Russians.
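Two of these indicators, the share of placeholder passwords and the skew of email domains, can be measured directly when triaging a dump that mentions your organization. The sketch below is an added example, not LeakedSource's code; the `username:email:password` layout, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Values LeakedSource says browsers save when no password was entered.
PLACEHOLDERS = {"<blank>", "null"}

def parse_record(line, sep=":"):
    """Parse 'username:email:password' (assumed layout); the password may contain sep."""
    parts = line.rstrip("\n").split(sep, 2)
    if len(parts) != 3 or "@" not in parts[1]:
        return None  # malformed line: counted, never guessed at
    user, email, password = parts
    return user, email.lower(), password

def triage(lines, top_n=3):
    """Summarise a dump: placeholder share, most common passwords, domain skew."""
    pw_counts, domain_counts = Counter(), Counter()
    placeholders = malformed = 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            malformed += 1
            continue
        _, email, password = rec
        domain_counts[email.rsplit("@", 1)[1]] += 1
        if password.lower() in PLACEHOLDERS:
            placeholders += 1  # kept out of the password ranking
        else:
            pw_counts[password] += 1
    total = sum(domain_counts.values())
    return {
        "records": total,
        "malformed": malformed,
        "placeholder_ratio": placeholders / total if total else 0.0,
        "top_passwords": pw_counts.most_common(top_n),
        "top_domain_share": {d: c / total for d, c in domain_counts.most_common(top_n)},
    }

# Constructed sample records (not taken from any real dump).
SAMPLE = [
    "alice:alice@mail.example:123456",
    "bob:bob@mail.example:<blank>",
    "carol:carol@mail.example:123456",
    "dave:dave@corp.example:null",
    "erin:erin@mail.example:qwerty",
    "frank:frank@other.example:pa:ss",   # password containing the separator
    "garbage line",                       # malformed: too few fields
    "heidi:heidi-at-nowhere:123456",      # malformed: no email address
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A high placeholder ratio or a domain distribution that does not match the service's user base points toward credentials harvested from end-user machines rather than a server-side database leak.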

The only certainty is that hackers are selling millions of Twitter account credentials, yours included. Don’t waste time: change your password on Twitter and on all the other social media where you used the same credentials.

Let’s close with a look at the top passwords used on Twitter.com. Oops … once again ‘123456’ is the most popular.

Rank Password Frequency
1 123456 120,417
2 123456789 32,775
3 qwerty 22,770
4 password 17,471
5 1234567 14,401

 


Pierluigi Paganini

(Security Affairs – Twitter account credentials,data)