You reportedly have another social media hack to fret about. A search-engine for leaked online information, LeakedSource has reported that a user is selling over 32 million leaked Twitter credentials on the dark web.
For all folks who are unaware of what the dark web is, let me enlighten you first. The ‘Dark Web’ is a part of ‘Deep Web’ which even though is accessible to the public easily(unlike Deep Web) is still hidden in the aspect that the IP addresses of the servers that run them are hidden using a Tor encryption tool. You can use Tor to hide your identity, spoof your location and access these websites easily.
According to the blogpost, it has obtained the leaked data from a Russian seller by the alias ‘Tessa88’, who is the same person involved in the recent Russian social network VK, Tumblr and LinkedIn database hacks. The seller reports that he has obtained the database, which seems to include an email address, a username, sometimes a secondary email and a visible unencrypted password.
The seller said that he had obtained over 379 million account credentials in the beginning of 2015, but after sorting and removing duplicates the leaked database condensed to approximately 32 million records. Tessa88 is ready to sell the leaked information for 10 bitcoins(or $6,000).
LeakedSource however stands opposed to the fact that Twitter was infact hacked sometime around the end of 2014. But, the explanation it offers for the leaked information points to the consumers being infected with a malware program that retrieved and sent every saved username and password from the browser’s back to hackers, including your passwords from Twitter.
The team has also validated the password from 15 random users, and the credentials have been confirmed to be real and valid. The malicious attack on the consumers also sheds light on the size of consumer data, which is larger than the current monthly active user count on Twitter, i.e 310 million.
The leaked info search engine has also provided proof of the facts that it has served to the users. It reports that the joining dates of some users that were a part of the hack were recent, and it cannot be that Twitter stored unencrypted plain text passwords on their server in 2014. It also mentions that browsers store passwords in plain-text and says that,
There was a very significant amount of users with the password “<blank>” and “null”. Some browsers store passwords as “<blank>” if you don’t enter a password when you save your credentials.
The database consisted of a lot of data from Russian users, with the highest number of over 5 million users using a mail.ru id to login into the service, while over 1 lakh users still use the infamous password ‘123456’ on the service. Are people ‘still’ really that dumb?
LeakedSource however, has also spent a lot of time double-checking the data to search for Mark Zuckerberg’s credentials, so that they can check whether the hacker group responsible for hijacking and vandalizing his social media profiles just a couple days ago. But Zuckerberg isn’t a part of the leaked database so the group’s claims of using the password ‘dadada’ found in the LinkedIn database might actually be true.
Twitter has also responded to the claims by tweeting that it aims to help protect user data and keeps checking user data against what’s been shared from recent password leaks. This is similar to the cybersecurity measures that other social media networks and platforms, like Netflix are using to combat the hacker groups from acquiring their data. They are also matching the leaked data against their own database and forcing them to change their current passwords.
Breaches have been coming one after the other, and they are not stoping anytime soon. In a recent report from Gartner, researchers believe that if the cybersecurity measure aren’t upgraded to match the current data standards, then there will come a day when you will be able to buy anybody’s digital data in the dark alleyways near your house. The researchers believe that over 60 per cent of the digital businesses face the risk of failure if they don’t upgrade and learn the importance of web security.