A Russian hacker claims to have the passwords of 32 million Twitter users and is trying to sell them online for 10 Bitcoin — which is roughly about $5, 780. The potential breach was first reported by ZDNet and it was backed up by paid data search engine Leaked Source.
LeakedSource said the database contains more than 32 million passwords, but most seem to belong to users in Russia. LeakedSource also noted in a blog post that the most commonly occurring passwords were “123456,” “123456789,” “qwerty” and “password.”
The hacker believed to be behind this data dump is known as Tessa88, who is also connected to the 2012 LinkedIn hack.
Twitter already investigated the report and said that the passwords were not obtained directly from the company — Twitter has not been breached. The hacker had to have used malware in order to gain access to the data.
“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached,” said Michael Coates, Twitter’s Trust & Infor Security Officer Michael Coates, said in a tweet.
“We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users,” he added.
This hack is just the latest in a series of breaches and data dumps. LinkedIn,MySpace and Tumblr were all affected last month by old hacks from 2012 and 2013. Hackers were trying to sell the information of millions of users online two weekends ago.
The data dumps are also believed to be what led to a series of celebrities and high-profile accounts getting hacked on Twitter. Some of those include Katy Perry, Lana Del Ray, Mark Zuckerberg, Tenacious D and the NFL.
To find out if your account was compromised you can check at “Have I been Pwned?” Just type in the email address and the site will tell you if you’ve been compromised and where.
However, everyone should consider changing their passwords and setting up two-factor authentication — also try to avoid foolish password like “123456.”
To strengthen your account from hackers go on Twitter and select Settings > Security and Privacy > Login Verification and enable “Verify Login Requests.”
Two-factor authentication will require you to type in a code sent to your phone every time you log in. It’ll be harder for hackers to steal your information this way since they don’t have your phone.