While we were all fretting about yet another security breach on one of our favorite social networks, Twitter, the company was busy trying to protect your identity and security on the platform.
Reports came in yesterday that the micro-blogging website Twitter had been hacked and that millions of login credentials were being sold on the dark web. Twitter has now investigated the security breach and confirmed that the hackers didn’t obtain the login information from its servers.
Twitter has also ‘cross-checked’ the login @usernames and passwords present in LeakedSource’s database against its own records, and concluded that malware appears to have been responsible for this hack.
In a blog post detailing the breach, Michael Coates, Trust and Security Officer at Twitter, adds:
As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.
The company has offered no exact number on how many accounts in its records matched the leaked database, but it did tell the Wall Street Journal that “millions” of accounts have been notified of the breach and are currently being asked to strengthen their account security.
The micro-blogging website has taken a step similar to other internet platforms, like Facebook and Netflix, which as preventive measures have sent password reset links to users whose credentials were available in any of the leaked breaches.
Coates also mentions that when one breach is followed by another, it is natural for everyone to assume that a new one is also real and valid, especially when account hacks like Katy Perry’s, Drake’s and more appear to support the breach. He also believes that, since a lot of the credentials did not match Twitter’s database, the hijackers might have bundled old breached data or repackaged accounts from a variety of breaches.
He also added that Twitter secures potentially vulnerable accounts by monitoring their location, the device used to log in, and login history for unusual behavior. The company also recommends that users take the email notification seriously and enable two-factor authentication on their accounts, or use password managers like LastPass or 1Password to keep their credentials secure.
Twitter is now the fourth and most recent social media contender to join the cyber security breach club and get its login credentials dumped on the dark web, after LinkedIn, Tumblr and MySpace. The hackers have not only dumped the credentials online for anyone to purchase and misuse, but have themselves caused chaos by intruding into many accounts in the past couple of days.
In a similar security breach, Mark Zuckerberg’s lesser-known social media accounts were also hijacked by a hacker group by the name of OneMine Team. The group hijacked Zuck’s Twitter and Pinterest accounts, vandalised them and abused its access on the platforms. It was believed that the group acquired his password from the LinkedIn database dump, and yesterday it was reported that accounts belonging to Twitter co-founder Ev Williams were also part of a security breach.