Millions of Twitter passwords have reportedly surfaced online and are being sold on the dark web.
LeakedSource, which collects credentials from data breaches, says it has received more than 32 million records, including email addresses, usernames and passwords.
"We have very strong evidence that Twitter was not hacked, rather the consumer was," it says.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A spokesperson for the social media giant said it was "confident" its systems had not been breached.
LeakedSource believes that malware was responsible for the breach and sent usernames and passwords saved in browsers such as Chrome and Firefox to the hackers.
A Russian, known by his alias Tessa88, is selling the credentials for 10 bitcoins, or about £4,000, according to Zdnet.
The most commonly used passwords in the data cache included "123456", "qwerty" and "password".
These are not good passwords, says Mashable. "An analogy to using these would be locking your front door, but then leaving keys on your porch. And breaking the lock. And punching a big hole in the door."
However, nearly 150,000 of the passwords contained more than 30 characters, which means that the strength of a password "is irrelevant" if the user has been infected with the malware, says LeakedSource. Turning on two-factor authentication will help keep an account more secure.
Based on the emails provided, many of the affected users appear to be from Russia. The site says it has verified the authenticity of the passwords with 15 users, all of whom confirmed they were genuine.
But some experts have expressed scepticism about the authenticity of the data, Tech Crunch reports.
"They may well be old leaks if they're consistent with the other big ones we've seen and simply haven't seen the light of day yet," said Troy Hunt, the creator of a site called haveibeenpwned.com, which catalogues breaches.
-
Trump picks conservative BLS critic to lead BLSspeed read He has nominated the Heritage Foundation's E.J. Antoni to lead the Bureau of Labor Statistics
-
What's a pocket rescission and can Trump use one?The Explainer The White House may try to use an obscure and prohibited trick to halt more spending
-
US, China extend trade war truce for 90 daysSpeed Read The triple-digit tariff threat is postponed for another three months
-
How China uses 'dark fleets' to circumvent trade sanctionsThe Explainer The fleets are used to smuggle goods like oil and fish
-
One year after mass protests, why are Kenyans taking to the streets again?today's big question More than 60 protesters died during demonstrations in 2024
-
What happens if tensions between India and Pakistan boil over?TODAY'S BIG QUESTION As the two nuclear-armed neighbors rattle their sabers in the wake of a terrorist attack on the contested Kashmir region, experts worry that the worst might be yet to come
-
Why Russia removed the Taliban's terrorist designationThe Explainer Russia had designated the Taliban as a terrorist group over 20 years ago
-
Inside the Israel-Turkey geopolitical dance across SyriaTHE EXPLAINER As Syria struggles in the wake of the Assad regime's collapse, its neighbors are carefully coordinating to avoid potential military confrontations
-
'Like a sound from hell': Serbia and sonic weaponsThe Explainer Half a million people sign petition alleging Serbian police used an illegal 'sound cannon' to disrupt anti-government protests
-
The arrest of the Philippines' former president leaves the country's drug war in disarrayIn the Spotlight Rodrigo Duterte was arrested by the ICC earlier this month
-
Ukrainian election: who could replace Zelenskyy?The Explainer Donald Trump's 'dictator' jibe raises pressure on Ukraine to the polls while the country is under martial law
