Already linked to the LinkedIn, Myspace, Tumblr and VK.com data breaches, the Russian hacker Tessa88 earlier this week claimed access to 379 million Twitter accounts, offering to sell the leaked database for 10 bitcoins, according a ZDNet report.
Another report from LeakedSource put the actual number of unique records closer to 32.9 million after eliminating duplicates, noting that each record may contain an email address, username, a possible second email and a visible password. While the credentials appear to be legitimate, the site noted that it had “very strong evidence that Twitter was not hacked.” Rather, the affected consumers were more likely victimized via malware that saved credentials from various browsers, the site explained. One clue leading to this theory is that otherwise uncrackable passwords were presented in plaintext, and Twitter does not store passwords in plaintext, while browsers do.
Dimitri Sirota, the CEO and co-founder of the privacy management firm BigID, warned in a statement emailed to SCMagazine.com that one major breach can cause reverberations that ultimately impact many other businesses, if even these secondary companies were never infiltrated, their “customers are also customers elsewhere” and “because users share credentials across sites.”
Twitter, in a recent tweet, wrote that it’s been “checking our data against what’s been shared from recent password leaks.”