- Biden says he asked Obama not to endorse him—but people aren’t buying it 3 Years Ago
- Marvel makes more money than Harry Potter and Star Wars combined 3 Years Ago
- ‘Avengers: Endgame’: Obituaries for the fallen heroes 3 Years Ago
- T-Mobile, Verizon admit most Americans won’t see fast 5G Today 1:52 PM
- PlayStation Vue is offering a sweet streaming deal for a limited time Today 1:42 PM
- Twitter reportedly worried banning white nationalists would also flag some Republicans Today 1:31 PM
- Lawyer of cop in viral assault case calls the crime a ‘Facebook misdemeanor’ Today 12:33 PM
- Biden’s ‘all men’-focused announcement gets roasted Today 11:49 AM
- Skillshare is offering new users one month of premium for free Today 10:44 AM
- Report: Facebook is punishing Black people for talking about racism (updated) Today 10:15 AM
- Biden brings tepid language to the healthcare debate Today 9:52 AM
- TikTok’s ‘chin on palm’ challenge has people scratching their heads Today 9:01 AM
- How to stream the 2019 NFL Draft for free Today 9:00 AM
- How to watch every movie in the MCU before ‘Avengers: Endgame’ Today 8:00 AM
- Review: The apocalypse has never been more aimless than in Days Gone Today 7:00 AM
The leak is being sold by a pair of infamous hackers from the Russian underground.
Hacked accounts of hundreds of millions of Twitter users are being sold for prices ranging from $2,500 (4.5 bitcoins) to $5,800 (10 bitcoins), according to a pair of infamous hackers from the Russian underground.
Twitter boasts 310 million active monthly users. More than 32 million credentials are being traded on the dark web while one seller claimed to have more than 300 million for sale. The hacked credentials include email addresses and passwords in plain text.
Twitter has strongly denied any breach on its system, and available evidence suggests that the social network was not hacked.
We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached.
— Michael Coates ? (@_mwc) June 9, 2016
One hacker selling the Twitter hack uses the alias Tessa88. It’s the same name that’s been spotted selling databases from the recent hacks of 427 million Myspace accounts and 100 million VK.com accounts.
Tessa88 told the Daily Dot on Wednesday night the stolen data was 11 months old. The age of the data breach has not been verified, but if the breach is actually several years old, it’s less likely that anyone is going to pay a hefty fee for data out of date.
The other individual spotted selling the Twitter hack is Peace_of_mind, who was last seen selling the VK.com accounts. Peace, who describes himself as a “shady dark web data dealer,” operates on popular dark net markets and boasts a 100 percent satisfaction rate.
Analysis by LeakedSource.com concluded that, after removing duplicates, more than 32 million accounts were being sold, not the 400 million that were being advertised.
If Twitter itself had been hacked, the number of accounts would likely be much higher. Of the hacked accounts, the highest number of users had mail.ru accounts, but Twitter’s biggest country is the U.S., where mail.ru is far less popular. Finally, it’s unlikely that Twitter itself stores passwords in plain text.
All of this suggests a different but as yet unknown source for the hacked information.
To protect yourself, you should change your Twitter password to a unique and strong password that is not shared on another website. Use a password manager like KeePass or LastPass to make this task easier.
Leakedsource.com has uploaded 32 million records from the hack. You can search that site to see if your account and password are included in the breach.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.