Another day, another report that your social-media password could now be for sale on the dark web: a hacker claims to be selling 32 million Twitter log-ins. Twitter, on the other hand, says it wasn’t even hacked and that the information probably comes from other leaks and people using the same password for everything.
LeakedSource claims to have received the Twitter information from the same user, Tessa88, who gave it hacked data from a Russian social-media site earlier. Tessa88 is selling the cache for about 10 bitcoin, or roughly £3,979.
A Twitter official tweeted about the hack and is “confident” that Twitter’s systems weren’t breached, which is sort of comforting, but ultimately useless if indeed someone out there is about to buy our password anyway and it’s all because we also use the same one for LinkedIn. The log-ins probably came from malware on Firefox and Chrome instead of being taken directly from Twitter, according to LeakedSource, which, again, doesn’t help much if your password is among the ones up for sale.
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.
— Michael Coates ஃ (@_mwc) June 9, 2016
Any of this sound familiar? Clearly, Mark Zuckerberg isn’t the only person who’s been taken down by bad password security, and just last week Myspace said that it had been hacked and the security information for everyone’s defunct website was up on the dark web.
With big leaks providing passwords (and yes, the most popular ones in today’s case were ‘123456' and ‘password’) for multiple sites, it seems like “hacking” is easier than ever now. In the latest case, there wasn’t even any need to break encryption. Wait long enough, and it’s only a matter of time before enough cross-referencing between leaks just does the trick. [TechCrunch]