A hacker going by the name of Tessa88 has supposedly offered for sale the login credentials of 379 million Twitter accounts. Tessa88 is linked to the same hacker who stole login credentials for hundreds of millions of LinkedIn and MySpace accounts. Tessa88 is offering the credentials for sale for the handsome sum of 10 Bitcoins, or $5,810. The information for sale includes usernames, passwords and email addresses.
But according to ZDNet, how Tessa88 got the data is not clear, and even the amount of data is in dispute. Data breach search engine LeakedSource estimated the actual number of accounts to be less than 33 million, or 10 percent of Twitter’s monthly active users.
Twitter has denied that a data breach occurred and it appears that LeakedSource is backing them up. Evidence indicates that the stolen credentials may be the result of malware infections.
Twitter trust and information security officer Michael Coates wrote in a blog post, “The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both.”
It appears that many people are still not using simple, common-sense security measures. According to LeakedSource, the most commonly found passwords among the millions stolen are 123456, qwerty, password and 12345678.
In another statement, a Twitter spokesperson said, “We are confident that these usernames and credentials were not obtained by a Twitter data breach. Our systems have not been breached. We’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”
Twitter quickly acted to secure its users’ accounts, forcing all users whose information was compromised to reset their passwords. Twitter also recommends that its users enable two-factor authentication and use a strong and unique password and a password manager to keep their accounts secure.