Twitter passwords might have been hacked and leaked for 32M users

Twitter

Almost 32 million users credentials for Twitter might have been stolen and sold. A blog, posted on LeakedSource, said in a post that it received a copy of the user information from “Tessa88@exploit.im,” the same alias used by the person who gave it hacked data from Russian social network VK last week.

Other major security compromises which have hit the news recently include a Myspace hack that involved over 360 million accounts, possibly making it the largest one ever, and the leak of 100 million LinkedIn passwords stolen in 2012.

The new Twitter hack, which LeakedSource says has 32,888,300 records containing email addresses, usernames, and passwords, has been added to the site’s search engine, which is paid but lets people remove leaked information for free.

Based on information in the data (including the fact that many users had their passwords displayed in plaintext), LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome. Many of the affected users appear to be in Russia—six of the top 10 email domains represented in the database are Russian, including mail.ru and yandex.ru.

Even though Mark Zuckerberg got several of his non-Facebook social media accounts, including Twitter, hacked this week, his information wasn’t included in this data set. Zuckerberg was ridiculed for appearing to reuse “dadada” as his password on multiple sites, but results from LeakedSource’s data analysis shows that many people are much less creative. The most popular password, showing up 120,417 times, was “123456,” while “password” appears 17,471 times. An analysis of the VK data also turned up similar results.