Millions of Twitter passwords were stolen. What can users do?
Millions of Twitter accounts have been compromised, a Russian seller with ties to the Myspace, LinkedIn, and Tumblr data breaches claimed Tuesday.
The seller, who goes by Tessa88, appears to have obtained the login credentials of more than 32 million users, which, for each of them, includes at least one email address, a password, and a username.
"The lesson here? It鈥檚 not just companies that can be hacked," wrote Leakedsource.com, a breach notification website that verified the Tessa88's claims. "Users ,听迟辞辞."
The author of the Leakedsource.com blog post isn't the only expert to urge the public be smarter about the passwords they choose. Especially after Facebook chief executive officer Mark Zuckerberg's Twitter password was found to be just "dadada,"聽experts have insisted you should come up with more creative, secure passwords.
Twitter itself doesn't appear to have been hacked, it said in a statement.
"We that these usernames and credentials were not obtained by a Twitter data breach 鈥 our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks," a Twitter spokesperson said, according to TechCrunch.
Leakedsource.com confirmed Twitter's suspicion. The website said passwords stolen from Twitter would have been encrypted. The passwords in the database were plain text.
The data breach likely occurred through malicious software, which could have sent usernames and passwords saved in Chrome, Firefox, and other internet browsers to the hackers, according to Leakedsource.com. The majority of users appear to live in Russia, wrote Leakedsource.com. 聽
In an encrypted message Tuesday, Tessa88 offered the usernames and passwords of from as early as 2015, each for a price of 10 bitcoins ($5,819.30 by press time), according to ZDNET. Because there were only 310 million Twitter users in 2015, according to ZDNET, Leakedsource.com suspects the number of accounts is more likely in the range of 32,888,300. Perhaps more concerning than the scope of the data breach is users' popular passwords.聽
The most popular passwords on the list are a simple, generic combination of numbers and letters. The most popular 鈥 the password of 120,417 users 鈥 is just "123456," according to Leakedsource.com. Second is "123456789," followed by "qwerty" and "password."
Though Facebook鈥檚 Mr. Zuckerberg was not in the data set (Leakedsource.com checked), he has received blowback for his password of "dadada" for his Twitter and Pinterest accounts.
"The most frustrating part is that all of this could have been avoided," said tech writer Alexandra Samuel in聽海角大神. Ms. Samuel admits, like Zuckerberg, she was hacked because of "bad password security."
After all, it鈥檚 not difficult to protect yourself online: create unique, tough-to-guess passwords for every account, change your passwords whenever a site gets hacked, and use two-factor authentication whenever possible. Also, don鈥檛 forget to use a password manager to generate, encrypt, store and update passwords for you. I used 1Password, an app that聽makes it possible to see which passwords I used for all my digital identities."
To combat malware and other password-cracking software,聽security expert and cryptographer Bruce Schneier聽recommends聽, writes the Monitor's Max Lewontin.
贰虫补尘辫濒别蝉听听颈苍肠濒耻诲别:
WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!
PPupmoarT@O@tgs = Please pick up more Toasty O's at the grocery store.
