Twitter has finally spoken out after news broke that millions of usernames and their passwords became available on the dark web.
The company revealed on Friday that it investigated these claims and is "confident the information was not obtained from a hack of Twitter's servers."
Twitter is not denying that there was a leak of data. It is sticking to its finding that there was no internal breach. Instead, the company said that malware, or hackers combining information from other recently reported breaches, could be how Twitter usernames and passwords became exposed.
Reports claimed on Wednesday that 33 million of the social network's usernames and passwords are currently being sold on the dark web, the seedy part of the Internet that is encrypted and is not indexed by search engines.
The news of the password leak made Twitter the latest social network to join the list of platforms that have suffered breaches, including Myspace and LinkedIn. Since many people, even Mark Zuckerberg, used the same password for Twitter as for LinkedIn, password reuse could be one of the reasons why hackers have been able to get or guess the passwords. However, LeakedSource, the service that first reported that millions of Twitter passwords were on the dark web, said that the data was most likely the result of malware.
"Nefarious individuals leverage this environment in order to either bundle old breached data or repackage accounts from a variety of breaches, and then claim they have login information and passwords for website Z," Twitter said in a blog post. "We take security concerns seriously, and investigate issues as they arise, but everyone should also scrutinize the merits of any credential claim. We're always focused on the issues that present a real threat to account security."
Regardless of how the leak happened, the fact of the matter is that many users' passwords might be out there somewhere on the dark web. Twitter revealed that it has taken measures to keep accounts safe.
The company notified an unspecified number of users that their accounts are at risk. After cross-checking the leaked passwords with its records, it locked these users out of their accounts and is requiring them to reset their passwords.
Those whose private Twitter information was exposed have been notified via email to change their password. Users won't be able to access their accounts without first changing their passwords to ensure that an unauthorized person isn't trying to log in.
Twitter also suggested other ways users can keep their accounts safe. First and foremost, users should change their password and select one that is strong. A great tip is to combine multiple words with capitalized letters, numbers and special characters. Do not use the same password for other websites.
The social network also stated that users should enable the platform's two-factor authentication. When the user first signs on to the platform, they will be asked to register with their phone number and email address. A six-digit verification code will then be sent to the user's phone, and it will have to be entered to access their account.
To set this up, visit the account settings page and check the box that reads "Require a verification code when I sign in" and tap on "add a phone."
Another way to protect the user's account, the company said, is to use a password manager such as LastPass. Password managers help ensure that all of the user's passwords are strong and save them in one place, so users don't have to worry about forgetting all their new, difficult passwords. The only downside is that if this account gets hacked, the user will have to change all the passwords yet again.
Source: Twitter
Photo: Esther Vargas | Flickr