32 Million Twitter Credentials Emerge on Dark Web

32 Million Twitter Account Details for Sale


A hacker claims to be sitting on more than 32 million Twitter account credentials with plans to sell the account details on the Dark Web.

News of the alleged leak comes after millions of LinkedIn (167 million), Myspace (360 million), Tumblr (65 million), and VK (170 million) user accounts were leaked online.

The cybercriminal behind the claimed Twitter leak is the same hacker who was previously attempting to sell stolen data from Myspace, Tumblr and VK user accounts, namely [email protected]. The Twitter credentials have already made it online on LeakedSource, a paid search engine for hacked data, which says it received a total of 32,888,300 records, each containing a user’s email address, username, possibly a second email, and a password.

According to the website, it contacted 15 impacted users, all of whom verified that the passwords included in the leak are real, and it believes that the data set is the real deal. However, LeakedSource notes that the data leak might not have been the result of Twitter being hacked, but rather of the users being compromised.

The search engine also notes that “123456” was the password occurring the most in the leak (120,417 times), followed by “123456789” (32,775 occurrences) and “qwerty” (22,770 occurrences). Moreover, they reveal that “” (5,028,220), (4,714,314), (4,520,434), (3,302,205) and (1,020,757) were the top email domains in the data set.

These credentials were supposedly acquired with the help of information-stealing malware designed to harvest them from browsers and other applications. Twitter has been using strong encryption when storing passwords for several years now, which would make it impossible for newly created, very strong passwords to leak in plaintext if it weren’t for malware compromising the user.

In fact, Michael Coates, Trust & Info Security Officer at Twitter, says that the company is storing all passwords with bcrypt, which should keep sensitive user data safe. He also notes that the social platform is working with LeakedSource in investigating the incident.


What is still unclear is how old the supposedly leaked data is, since LeakedSource doesn’t provide specific details on that, although it does suggest that some credentials might be only a couple of years old. Furthermore, IT Security expert Sorin Mustaca tells SecurityWeek that the manner in which these credentials were stolen isn’t that clear either.

“Interesting enough, Leakedsource writes that they have “very strong evidence that Twitter was not hacked”, rather the users got infected with some malware which stole credentials directly from the browsers of any account, not only Twitter’s,” Mustaca says. “However, there is no clear evidence presented that this is indeed the case. Their explanation for malware stealing credentials from browser is not entirely valid.”

Although malware that targets browsers to steal user data is not unheard of, Mustaca explains that browsers store credentials encrypted, and that a master password is required to decrypt them. “Sometimes this password is the logged on user’s password, sometimes it is independent of the logged on user. But there is always a password,” he says.

According to Mustaca, the question that we need to ask ourselves is how the hacker ended up obtaining exactly Twitter accounts and the password in plain text. “And where are the other accounts?,” Mustaca also asks. If malware was indeed used to harvest these credentials, the attacker should have ended up with a whole lot of other user data as well, pertaining to other online services.

In the end, there is a great chance that this Twitter password leak might have been fabricated, as Australian security researcher Troy Hunt, who maintains the Have I Been Pwned service, says. In a tweet, he notes that fake breaches did emerge recently, and says in another that, although we’ve seen some major breaches recently, it doesn’t mean that new ones are real.

On its official support account, Twitter noted a couple of days ago that it was already looking at the data that emerged in the recent data leaks to see if there is a connection with what people use on its service. “To help keep people safe and accounts protected, we’ve been checking our data against what’s been shared from recent password leaks,” the company said.
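An added example (not from the article, Twitter or LeakedSource) of how a service that stores salted, slow password hashes can check its accounts against leaked email/password pairs: each leaked plaintext has to be re-hashed with that account's own salt, and only accounts whose current password still matches need a reset. PBKDF2 from the Python standard library stands in for bcrypt here, and all names and records are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for bcrypt so the example needs
# only the standard library; the per-account salt + slow hash idea is the same.
ITERATIONS = 100_000

def hash_password(password, salt=None):
    """Return (salt, digest) for storage; a fresh random salt per account."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Re-hash the candidate with the stored salt; constant-time compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def accounts_to_reset(user_db, leaked_records):
    """Usernames whose *current* password equals the leaked one."""
    exposed = set()
    for email, leaked_password in leaked_records:
        entry = user_db.get(email.strip().lower())
        if entry is None:
            continue  # leaked address does not belong to one of our accounts
        if verify(leaked_password, entry["salt"], entry["digest"]):
            exposed.add(entry["username"])
    return sorted(exposed)

def build_sample_db():
    """Constructed user table keyed by lower-cased email address."""
    users = [("alice", "alice@example.com", "123456"),
             ("bob", "bob@example.com", "T7#long-unique-passphrase"),
             ("carol", "carol@example.com", "qwerty")]
    db = {}
    for username, email, password in users:
        salt, digest = hash_password(password)
        db[email] = {"username": username, "salt": salt, "digest": digest}
    return db

# Constructed leak sample: one live match, one stale password, one unknown user.
LEAKED = [("ALICE@example.com", "123456"),
          ("bob@example.com", "bob-old-password"),
          ("dave@example.net", "qwerty")]

if __name__ == "__main__":
    print(accounts_to_reset(build_sample_db(), LEAKED))
```

Because every stored hash has its own salt, the leak cannot be matched by comparing hash values in bulk; the cost is one slow hash per leaked record that maps to an existing account.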

If there is one thing that the previous major data breaches taught us, it is that people should never re-use a password on multiple accounts and that they should always secure their accounts with strong, difficult-to-guess passwords. “123456”, “password”, or “qwerty” are the first passwords that an attacker will try when attempting to breach an account, and users should steer clear of them.

The recent series of high-profile breaches has already triggered reactions from tech companies and online services. TeamViewer struggles with a flood of reports from users being hacked but says it hasn’t been compromised, Reddit decided to prompt users to reset their passwords to avoid account takeovers, while Microsoft announced that it is banning commonly used passwords from its services.
