Michael Coates, Twitter’s trust and information security officer, said in a June 10 blog post that they have recently responded to reports of leaked usernames and passwords available for sale on the dark web. However, the information wasn't obtained directly through Twitter’s servers.
Twitter usernames and passwords could have been amassed through combination of information from other recent breaches or from malware on machines, Coates said.
Consumers can buy stolen identities, subscriptions and social media credentials on the dark web—an underground marketplace.
Security officers identified accounts that need “extra protection,” and accounts with password exposure must be reset by the owners, Coates wrote in the post.
He encouraged Twitter users to use strong passwords and not reuse passwords between various websites, because if someone uses the same username and password on multiple sites, attackers could more easily take over their accounts.
“That’s why a breach of passwords associated with website X could result in compromised accounts at unrelated website Y,” Coates wrote.
As many as 32 million usernames and passwords may have been sold on the dark web in this security breach, TechCrunch reported.
Recently, about a dozen celebrities’ Twitter accounts were hacked and hackers tweeted death rumors and sex tape allegations from those celebrities handles.
Facebook CEO Mark Zuckerberg’s social media accounts were broken into because he allegedly used the same term in passwords for multiple sites, which both Facebook and Twitter warn against.
To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.
Notify me when updates are available (No standing order will be created).
Put me on standing order
Notify me when new releases are available (no standing order will be created)