An alleged Russian hacker is looking to sell 32 Million Twitter Passwords for 10 Bitcoins ($5,800). Leakedsource has brought this hack to light after coming across the dataset being sold on the Darknet.
“This data set contains 32,888,300 records. Each record may contain an email address, a username, sometimes a second email and a visible password. We have very strong evidence that Twitter was not hacked, rather the consumer was.”
“Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias “[email protected]”, and has given us permission to name them in this blog.” reports LeakedSource.
Top passwords used by the Twitter users:
Michael Coates, head security officier at Twitter.com tweets:
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.
— Michael Coatesۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗ (@_mwc) June 9, 2016
This sale is most likely the result of malware stealing saved passwords in web browsers. The proof of this are as follows:
- The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example.
- There was a very significant amount of users with the password “<blank>” and “null”. Some browsers store passwords as “<blank>” if you don’t enter a password when you save your credentials.
- The top email domains don’t match up to a full database leak, more likely the malware was spread to Russians.