Bad news for Twitter users: Hackers may have stolen more than 32 million Twitter passwords and put them up for sale on the Dark Web, a tech site reported.
LeakedSource said it got a copy of the data set from a certain “Tessa88@exploit.im,” containing some 32,888,300 records.
“Each record may contain an email address, a username, sometimes a second email and a visible password. We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords,” it said.
It said this may be due to tens of millions of people being infected by malware, and the malware sent every saved username and password from browsers to the hackers.
On the other hand, he said the passwords appeared to have been stolen directly from consumers, and are thus in plain text with no encryption or hashing.
“Remember that Twitter probably doesn’t store the passwords in plaintext, Chrome and Firefox did,” it said.
The Next Web quoted a Twitter spokesperson as saying they are confident these usernames and credentials were not obtained by a Twitter data breach.
“Our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” the spokesperson added.