Just days after Facebook czar Mark Zuckerberg’s social media accounts were found to have been hacked, it appears that more folks will need to change their passwords.
ZDNet reported that a Russian hacker claimed to have a massive cache of millions of Twitter account logins for sale, for 10 bitcoins or about $5,807. LeakedSource, which indexes hacked credentials from data breaches, noted in a blog post that the database, of which it received a copy, contains more than 32 million accounts.
The site explained that the passwords were stored as plain text and several of them seemed to belong to users in Russia. That makes it more likely that these credentials were obtained through malware attacks on users rather than a breach of Twitter’s systems.
LeakedSource added that the most commonly occurring password in the database is ‘123456’, followed by ‘123456789’, ‘qwerty’ and ‘password’. That’s dangerous because it means the accounts these are associated with could be hacked with just a little guesswork and wouldn’t even require malware.
The real danger is that many people use the same password on several sites; if an attacker gets into a single user’s account on one online service, they could likely access that user’s other accounts, such as email inboxes and cloud storage.
The news comes shortly after it was reported that hundreds of millions of Myspace and Tumblr credentials were put up for sale last week. In May, a Russian hacker claimed to have 117 million LinkedIn accounts available for just 5 bitcoins ($2,200).
Update: A Twitter spokesperson said, “We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”
Twitter’s Trust & Info Security Officer Michael Coates tweeted about the company’s investigation into the matter: