Article Lead Image

Mass password leak wasn’t an inside job, Twitter claims

Twitter provided an update on its massive leak of passwords and provided some additional tips on security for users. 

 

Kris Holt

Internet Culture

Posted on May 10, 2012   Updated on Jun 2, 2021, 5:20 pm CDT

This week a massive leak of Twitter login credentials was published. However, the company claims that the information was not leaked by a Twitter staff member.

In a post on its Japanese blog, Twitter said it had confirmed that none of the information was leaked from within the company. The firm again apologized for the leak, which saw usernames, passwords, and email addresses linked to more than 55,000 accounts being published.

The leaked information was posted on Pastebin. Twitter said that many of those details were inaccurate, with a number of passwords not matching up with the usernames. The company also claimed that more than 20,000 of the accounts were duplicates, with a large number of them being spam bots.

The company said in its blog post that the information was probably leaked from a different website. It warned community members to watch out for phishing sites, or sites where scammers try to con users out of their login details. Additionally, it encouraged tweeters to use strong, unique passwords for each Web service they use.

It’s worth noting that Twitter’s authentication methods for legitimate third-party apps and sites mean that they shouldn’t ask you for your password directly. In other words, they’ll ask you to connect your Twitter account rather than login directly.

If a website asks you for your Twitter log-in details, that’s a warning sign that it’s a scam site. Picking up on such signals might help you avoid your Twitter credentials from popping up on Pastebin in the future.

Photo by rossbreadmore

Share this article
*First Published: May 10, 2012, 12:04 pm CDT