In a surprising revelation, LeakedSource (an online group that keeps an eye on dark web activity) claimed that personal information such as user IDs, email addresses and passwords of a large number of Twitter users, around 32 million, is being sold on the dark web for 10 bitcoins, or 5800 USD. To support its claim, it has added the account and email information to its searchable repository of compromised credentials. Publishing the user details has left no room to call its claim false.
On further clarification, LeakedSource added that there were 32,888,300 records, each consisting mainly of an email address, username and password. The dataset came from a hacker known online as “[email protected],” who has been responsible for many other large collections of compromised data, the most notable being the credentials of 425 million MySpace accounts.
Even though Twitter passwords were exposed, most security experts agree that Twitter’s internal systems are still secure, i.e. there was no breach of Twitter itself; instead, the information came from compromised user systems. They further explained that hackers infected millions of users’ systems with malware that collected user information and passwords from web browsers such as Chrome, Firefox or IE.
When contacted, Twitter’s administration did not directly deny the hacking, but it also supported the security experts’ claim that there was no internal breach and that this was done using malware that affected users’ systems.
Twitter’s Trust and Information Security Officer Michael Coates tweeted: “We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached. We are working with @leakedsource to obtain this info & take additional steps to protect users. It looks like plain text passwords have been stolen from over 32 million consumers, most likely from their browsers — IE, Chrome, Firefox, Safari”.
One peculiar thing about this hack is that it is heavily aimed at Russian users, though other regions are also affected. This adds support to the speculation about the involvement of Russian hackers. In the dataset being sold, LeakedSource found more than 5 million email addresses with the “.ru” domain in them. It means that this isn’t just a Twitter attack; Twitter is just the data source that’s being traded. It means this is an end-user plain text password scrape attack which will impact every account the end-user saved. Every service provider in the world needs to be on the lookout for nefarious activity.
This incident is again a warning for those lazy internet users who use similar passwords on most sites; this list includes tech people like Mark Zuckerberg too! This is a dangerous habit, harmful in both the short and the long run.
To solve this crisis and increase its credibility, Twitter has requested that its users change their passwords and opt for two-factor authentication. For Twitter users who have turned on two-factor authentication, compromised passwords won’t pose much risk to their accounts. Two-factor authentication requires that, in addition to a password, the account holder must also enter a code, typically sent as a text message to a mobile phone. But there still remains a threat to those who have used similar passwords on other sites where there is no two-factor authentication.