Russian underground hackers claim millions of Twitter accounts are for sale on the dark web

abstract art of twitter bird

Illustration via Max Fleishman

The leak is being sold by a pair of infamous hackers from the Russian underground.

Hacked accounts of hundreds of millions of Twitter users are being sold for prices ranging from $2,500 (4.5 bitcoins) to $5,800 (10 bitcoins), according to a pair of infamous hackers from the Russian underground. 

Twitter boasts 310 million active monthly users. More than 32 million credentials are being traded on the dark web while one seller claimed to have more than 300 million for sale. The hacked credentials include email addresses and passwords in plain text. 

Twitter has strongly denied any breach on its system, and available evidence suggests that the social network was not hacked.

One hacker selling the Twitter hack uses the alias Tessa88. It’s the same name that’s been spotted selling databases from the recent hacks of 427 million Myspace accounts and 100 million accounts

Tessa88 told the Daily Dot on Wednesday night the stolen data was 11 months old. The age of the data breach has not been verified, but if the breach is actually several years old, it’s less likely that anyone is going to pay a hefty fee for data out of date.

The other individual spotted selling the Twitter hack is Peace_of_mind, who was last seen selling the accounts. Peace, who describes himself as a “shady dark web data dealer,” operates on popular dark net markets and boasts a 100 percent satisfaction rate. 

Analysis by concluded that, after removing duplicates, more than 32 million accounts were being sold, not the 400 million that were being advertised.

If Twitter itself had been hacked, the number of accounts would likely be much higher. Of the hacked accounts, the highest number of users had accounts, but Twitter’s biggest country is the U.S., where is far less popular. Finally, it’s unlikely that Twitter itself stores passwords in plain text. 

All of this suggests a different but as yet unknown source for the hacked information. 

To protect yourself, you should change your Twitter password to a unique and strong password that is not shared on another website. Use a password manager like KeePass or LastPass to make this task easier. has uploaded 32 million records from the hack. You can search that site to see if your account and password are included in the breach.

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.

Selena Larson

Selena Larson

Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.