Soon after the news of Twitter co-founder Evan Williams’s account hack surfaced on Thursday, another report said that hackers might have used malware to collect more than 32 million Twitter login credentials.
According to the report on technology website Techcrunch.com, these credentials are now being sold on the dark web.
“LeakedSource, a site with a search engine of leaked login credentials, said in a blog post that it received a copy of the user information from ‘[email protected]’ — the same alias used by the person who gave it hacked data from Russian social network VK last week,” the report noted.
LeakedSource said the cache of Twitter data contains 32,888,300 records, including email addresses, usernames and passwords. LeakedSource has added the information to its search engine.
LeakedSource noted that “the user credentials were collected by malware infecting browsers like Firefox or Chrome rather than stolen directly from Twitter”.
At the same time, Twitter said that its systems have not been breached.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached. In fact, we have been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson was quoted as saying.
Earlier on Thursday, reports made rounds that Twitter’s co-founder and former CEO Evan Williams’ account was briefly compromised.
A group by the name of OurMine — the same group that claimed credit for compromising Facebook chief Mark Zuckerberg’s Twitter and Pinterest accounts on Monday — took credit for hacking Williams’ account in a tweet on Wednesday, which was deleted minutes later.
The company released a statement later saying it does not comment on individual accounts.
“A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter,” the company was quoted as saying.
This hack added another name in the list of high-profile people whose accounts have been compromised recently. Singers Drake and Lana Del Rey and professional American football league NFL have all been hit in recent days.
Recently, popular career-oriented platform LinkedIn notified about data breach and alerted its 400 million members to stay safe.
Hit by a massive data breach that put nearly 167 million users’ passwords and personal information in the hands of hackers four years back, LinkedIn came out with an explanation and steps it has taken to protect users.
In an email sent out to all its members, LinkedIn admitted that the massive data breach in 2012 may result in millions of passwords being leaked to the internet.
“On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk,” LinkedIn said.
“These were accounts created prior to the 2012 breach that had not reset their passwords since that breach,” the email read.
The data breach involved member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.