A hacker linked to the data breaches that affected MySpace, Tumblr and LinkedIn is now selling the credentials of millions of Twitter accounts for bitcoins.
The Russian hacker, who is known simply as Tessa88, claimed that he was able to obtain a database of Twitter accounts that includes information such as usernames, e-mail addresses and passwords in plain text.
The sale price for the bundle is 10 bitcoins, worth just under $6,000.
According to Tessa88, the information was acquired beginning last year, and it covers 379 million accounts. The number is larger than Twitter's 310 million monthly active users, but the database likely counts accounts cumulatively, including those that are already inactive.
A Twitter spokesperson, responding to the sale of the user information, said that with millions of passwords having been stolen over the past few weeks, users are advised to use a stronger and unique password for the social media platform.
An analysis of the database by LeakedSource, however, reveals that there are nearly 33 million records in the bundle being sold. While the number is far less than the 379 million accounts advertised, the breach is still critical because the credentials were found to be valid. All 15 Twitter users contacted by LeakedSource verified the authenticity of the information in the data set.
LeakedSource speculates that the victim of the hacking is not Twitter itself but rather its users. Malware may have infected the machines of millions of users and sent back to the hackers all the log-in credentials that users entered through their internet browsers. That would explain why the passwords are in plain text: Twitter does not store such sensitive information in that manner, which points to the passwords having been acquired from internet browsers that store them that way.
According to LeakedSource, the most popular passwords among the Twitter users affected by the malware were "123456", followed by "123456789", "qwerty", "password" and "1234567".
That said, there is a greater need for users to step up their online security, beginning with using passwords that are harder to crack and not opening untrusted links that could infect computers and devices with malware.
Even Facebook CEO Mark Zuckerberg is not safe from hackers: his Pinterest and Twitter accounts were compromised. The attack was made possible by the LinkedIn passwords leaked earlier by the same hacker now selling the Twitter data set.