Welcome to the internet age, where hackers are getting smarter every day and malware is lurking around every corner. We’ve seen a terrifying amount of big data breaches occur over the past few years, and each one seems bigger and scarier than the last. Today, however, we get a new reminder that data breaches are just one of the ways hackers get their hands on our data. Reports are flying that tens of millions of valid Twitter account credentials have been made available for sale on the dark web, though the company has denied that a breach took place.
Whatever the case, the most important takeaway is this: Change your Twitter password immediately.
“Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data,” LeakedSource wrote in a blog post. “This data set was provided to us by a user who goes by the alias ‘Tessa88@exploit.im’, and has given us permission to name them in this blog.”
LeakedSource is a site that collects stolen account credentials and enters them into a searchable data base, allowing users to determine whether or not they are affected when new breaches are discovered. In the case of these 32+ million Twitter accounts, it’s unclear how or when they were obtained and Twitter is saying the company definitely wasn’t hacked.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said to TechCrunch.
More from LeakedSource: “This data set contains 32,888,300 records. Each record may contain an email address, a username, sometimes a second email and a visible password. We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords.”
So how did the hacker(s) manage to obtain all these credentials? LeakedSource speculates that a massive malware campaign is the culprit.