Russian hackers sell 33 million Twitter passwords online

Millions of passwords from both social networks have been put up for sale on the dark web in recent weeks that were obtained in hacks that date back to 2011. Since many people re-use passwords across the web, a trial and error approach on other social networks could result in many successful attacks.

It is believed that trying LinkedIn and Myspace passwords on Twitter accounts is how several celebrity Twitter accounts have been hacked into over the last week.

A hacking group called OurMine accessed Zuckerberg’s account this week, revealing that his password had been “dadada”. Rock group Tenacious D’s account was breached resulting in a Jack Black death hoax, and others including Lana Del Rey and Keith Richards were affected.

A spokesman for Twitter said it is “confident” that it hasn’t been hacked.

“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached,” the company said. “In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”

Security blog LeakedSource said the data contained 32.9m records. The hacker is reportedly selling the data for 10 bitcoins (£4,000).

Richard Parris, head of cybersecurity company Intercede, said the incidents show that passwords are “no longer fit” for purpose.

“Passwords and usernames need to be consigned to the dusty archives of yesteryear,” said Parris. “Online platforms hold masses of sensitive personal data about millions of consumers, and should not be relying on outdated password authentication.”

Source | Telegraph