- Here’s why you shouldn’t buy a Nintendo Switch until mid-August Monday 5:11 PM
- Man blasted for making his coworkers babysit his child Monday 5:07 PM
- Pete Buttigieg’s country radio interview was blocked from the air Monday 4:35 PM
- 15-year-old Smash Bros. prodigy caught using racist slur in private Discord server Monday 3:47 PM
- Instagram users who post pet pictures more likely to get hacked Monday 3:45 PM
- Post-Prime Day recap: Shipping delays, more sales, and a scam Monday 3:08 PM
- Jacob Wohl returns to Twitter … for now Monday 1:56 PM
- How to stream WWE Raw Reunion Monday 1:35 PM
- ‘I hope Trump deports you’: Woman goes on racist rant to Spanish speakers at a store Monday 1:24 PM
- Emoji Mashup Bot gives life to unidentifiable emotions Monday 1:15 PM
- Notorious grifter Anna Sorokin reportedly blocked from profiting off Netflix series Monday 12:45 PM
- Charlottesville attacker’s Twitter account included praise for Hitler Monday 12:10 PM
- ‘Short Treks’ trailer: Spock, Pike, and Number One return Monday 11:57 AM
- Everything we know about ‘Star Trek: Lower Decks,’ the new animated show Monday 11:55 AM
- Cole Carrigan says he left Team 10 after being called homophobic slur Monday 11:32 AM
The leak is being sold by a pair of infamous hackers from the Russian underground.
Hacked accounts of hundreds of millions of Twitter users are being sold for prices ranging from $2,500 (4.5 bitcoins) to $5,800 (10 bitcoins), according to a pair of infamous hackers from the Russian underground.
Twitter boasts 310 million active monthly users. More than 32 million credentials are being traded on the dark web while one seller claimed to have more than 300 million for sale. The hacked credentials include email addresses and passwords in plain text.
Twitter has strongly denied any breach on its system, and available evidence suggests that the social network was not hacked.
We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached.
— Michael Coates ? (@_mwc) June 9, 2016
One hacker selling the Twitter hack uses the alias Tessa88. It’s the same name that’s been spotted selling databases from the recent hacks of 427 million Myspace accounts and 100 million VK.com accounts.
Tessa88 told the Daily Dot on Wednesday night the stolen data was 11 months old. The age of the data breach has not been verified, but if the breach is actually several years old, it’s less likely that anyone is going to pay a hefty fee for data out of date.
The other individual spotted selling the Twitter hack is Peace_of_mind, who was last seen selling the VK.com accounts. Peace, who describes himself as a “shady dark web data dealer,” operates on popular dark net markets and boasts a 100 percent satisfaction rate.
Analysis by LeakedSource.com concluded that, after removing duplicates, more than 32 million accounts were being sold, not the 400 million that were being advertised.
If Twitter itself had been hacked, the number of accounts would likely be much higher. Of the hacked accounts, the highest number of users had mail.ru accounts, but Twitter’s biggest country is the U.S., where mail.ru is far less popular. Finally, it’s unlikely that Twitter itself stores passwords in plain text.
All of this suggests a different but as yet unknown source for the hacked information.
To protect yourself, you should change your Twitter password to a unique and strong password that is not shared on another website. Use a password manager like KeePass or LastPass to make this task easier.
Leakedsource.com has uploaded 32 million records from the hack. You can search that site to see if your account and password are included in the breach.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.