Millions of Twitter passwords have reportedly surfaced online and are being sold on the dark web.
LeakedSource, which collects credentials from data breaches, says it has received more than 32 million records, including email addresses, usernames and passwords.
"We have very strong evidence that Twitter was not hacked, rather the consumer was," it says.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A spokesperson for the social media giant said it was "confident" its systems had not been breached.
LeakedSource believes that malware was responsible for the breach and sent usernames and passwords saved in browsers such as Chrome and Firefox to the hackers.
A Russian, known by his alias Tessa88, is selling the credentials for 10 bitcoins, or about £4,000, according to Zdnet.
The most commonly used passwords in the data cache included "123456", "qwerty" and "password".
These are not good passwords, says Mashable. "An analogy to using these would be locking your front door, but then leaving keys on your porch. And breaking the lock. And punching a big hole in the door."
However, nearly 150,000 of the passwords contained more than 30 characters, which means that the strength of a password "is irrelevant" if the user has been infected with the malware, says LeakedSource. Turning on two-factor authentication will help keep an account more secure.
Based on the emails provided, many of the affected users appear to be from Russia. The site says it has verified the authenticity of the passwords with 15 users, all of whom confirmed they were genuine.
But some experts have expressed scepticism about the authenticity of the data, Tech Crunch reports.
"They may well be old leaks if they're consistent with the other big ones we've seen and simply haven't seen the light of day yet," said Troy Hunt, the creator of a site called haveibeenpwned.com, which catalogues breaches.
-
The curious history of hanging coffinsUnder The Radar Ancient societies in southern China pegged coffins into high cliffsides in burial ritual linked to good fortune
-
The Trump administration says it deports dangerous criminals. ICE data tells a different story.IN THE SPOTLIGHT Arrest data points to an inconvenient truth for the White House’s ongoing deportation agenda
-
Ex-FBI agents sue Patel over protest firingspeed read The former FBI agents were fired for kneeling during a 2020 racial justice protest for ‘apolitical tactical reasons’
-
Femicide: Italy’s newest crimeThe Explainer Landmark law to criminalise murder of a woman as an ‘act of hatred’ or ‘subjugation’ but critics say Italy is still deeply patriarchal
-
Brazil’s Bolsonaro behind bars after appeals run outSpeed Read He will serve 27 years in prison
-
Americans traveling abroad face renewed criticism in the Trump eraThe Explainer Some of Trump’s behavior has Americans being questioned
-
Nigeria confused by Trump invasion threatSpeed Read Trump has claimed the country is persecuting Christians
-
Sanae Takaichi: Japan’s Iron Lady set to be the country’s first woman prime ministerIn the Spotlight Takaichi is a member of Japan’s conservative, nationalist Liberal Democratic Party
-
Russia is ‘helping China’ prepare for an invasion of TaiwanIn the Spotlight Russia is reportedly allowing China access to military training
-
Interpol arrests hundreds in Africa-wide sextortion crackdownIN THE SPOTLIGHT A series of stings disrupts major cybercrime operations as law enforcement estimates millions in losses from schemes designed to prey on lonely users
-
China is silently expanding its influence in American citiesUnder the Radar New York City and San Francisco, among others, have reportedly been targeted
