After MySpace and LinkedIn, the latest social networking site to fall prey to hackers is Twitter. Reports of the hack started floating on Tuesday when a hacker, who goes by the name Tessa88, claimed to be in possession of over 370 million (37 crore) Twitter account credentials.
LeakedSource, a search engine that searches through leaked credentials, claimed in a blog post on Thursday to have received a copy of the hacker's credentials. The site also said that the number of hacked accounts may be 33 million (3 crore), and not 370 million. 33 million is 10% of Twitter's monthly user base.
According to LeakedSource, over 32 million accounts on Twitter were hacked and their credentials stolen, using malware softwares. According to Twitter officials, there was no breach of Twitter. Hackers used malware infected browsers such as Google Chrome or Mozilla Firefox to extract information such as passwords, usernames and addresses.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” TechCrunch reported a Twitter spokesperson as saying.
According to CNET, the information is being sold on the dark net for 10 bitcoins, or $5,810.
Allegedly, Tessa88 was also responsible, or at least linked, to those responsible for the Myspace and LinkedIn breaches. LeakedSource also claimed that Tessa88 was also the name of the person who submitted the information hacked in 2011-12 from VK, a Russian social networking site, known as Russia's Facebook, which was released earlier in June. A hacker, going by the name of 'Peace' had claimed responsibility for it.
LeakedSource said they matched 15 of the credentials to the users they were associated with, and found that the data checked out. But all the credentials may not be genuine, and doubts remain as to the authenticity of the data. It could also be data belonging to now defunct user accounts, or compiled from older leaks.
Over the last few weeks, a slew of celebrities have had their social media accounts hacked.
The list includes names such as musicians Katy Perry, Lana Del Rey, Drake, Tame Impala, Sonic Youth, Keith Richards and even the late George Harrison of Beatles. Two days ago, the National Football League's Twitter account was also hacked.
Other important personalities who had their accounts recently hacked include Facebook's CEO Mark Zuckerberg, Mikkel Svane, head of security at Zendesk, and Evan William, Twitter's former CEO and co-founder.
According to Twitter, the increased cases of hacking are due to the re-use of passwords and credentials by users, for several internet sites, especially celebrities. A plausible theory is that hackers used Myspace and LinkedIn passwords (hacked in 2011) that were recently leaked for sale, and tried them for Twitter accounts. Turns out that users keep re-using their old passwords.
A classic example: Facebook's Mark Zuckerberg himself, who apparently used the same password 'Dadada' for a variety of sites.