Thursday, 9 June 2016

Twitter hack that hit Facebook CEO Mark Zuckerberg's account reveals '123456' is users' most frequently used password

Twitter users have been warned to change their passwords - and improve them.

The website LeakedSource revealed 32,888,300 Twitter usernames and passwords were also on sale on the dark web, which is believed to have already led to a rash of high-profile hacks, including those of Mark Zuckerberg and Twitter co-founder Evan Williams.

Now, it has been revealed what the most popular passwords were - with more than 120,000 users opting for '123456'.

That was followed by '123456789,' 'qwerty,' 'password,' and a host of other easily guessable passwords (including '12345').

A Saudi-based group of hackers is believed to be behind the attack.

Now it seems the Facebook founder was not their only high-profile target, as Evan Williams, the co-founder and former chief executive of Twitter, has also been hacked by the same group.

Mr Williams' Twitter account was hacked on Wednesday, through his Foursquare account, by the hacking group OurMine.

The group reportedly posted a tweet, which has since been removed, that read: 'Hey, it's OurMine Team, we are just testing your security, please send us a message' followed by an email address.

A Twitter spokesperson told MailOnline the social media site itself had not been hacked.

'We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached,' they said.

'In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks.'


A number of other high-profile figures have been hacked, including Lana Del Rey, Drake and Kylie Jenner - although it is not yet known if those attacks are related.

Today, the website LeakedSource revealed 32,888,300 Twitter usernames and passwords were also on sale on the dark web.

The attacks were probably achieved by retrieving passwords stored in people's browsers, like Google Chrome or Mozilla Firefox, LeakedSource said in a blog post.

'The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,' the blog said.

It came to this conclusion because some of the 'uncrackable' passwords that had been added to the list recently were in plaintext, a format that Twitter would be unlikely to store passwords in, for security reasons.

On top of this, a significant number of users with the passwords '<blank>' and 'null' were found, which is often what browsers will save if no password is entered.

The majority of hacked Twitter users seemed to be based in Russia, with 5,028,220 email addresses ending in '@mail.ru', according to the blog.

Even those with long passwords are not safe, as 148,551 visible passwords were over 30 characters in length.

'Also we triple checked, Mark Zuckerberg isn't in this data set,' the blog post said.

'We have attempted to contact Twitter to provide them some more information but have not heard back yet,' the blog post added.

'The lesson here? It's not just companies that can be hacked, users need to be careful too.'

The chief executive of tech support firm Zendesk is another high-profile figure to have his Twitter account hacked, according to the BBC.

Mikkel Svane's hijacked account had its ID image changed to that of a cartoon.

LeakedSource has added the information to its search engine, which is a paid service, but lets people remove leaked information for free.

Twitter's security officer Michael Coates tweeted: 'We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.'

This news comes not long after it was revealed that major companies such as Facebook and Netflix are scanning through login details revealed in previous data leaks from other sites to see whether their own users' credentials match.

If they find matching passwords, they are then asking users to reset their passwords in an attempt to increase their security.

Netflix, for example, sent emails last week to multiple users who had used the same password for Netflix as they did for LinkedIn, Tumblr and Myspace a few years ago.


The message read: 'We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company,
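The credential-matching check described above, where a service compares logins leaked from other sites with its own users, can be sketched as follows. This is an added example, not code from the article or from any company named in it; the `email:password` dump format, the PBKDF2 parameters and all account data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 10_000  # low so the example runs fast; real deployments use far more


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 verifier, the only form the service stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_user_store(accounts):
    """Build the constructed user table: email -> (salt, hash)."""
    store = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        store[email.lower()] = (salt, hash_password(password, salt))
    return store


def parse_dump(lines):
    """Yield (email, password) from 'email:password' lines; skip malformed lines."""
    for line in lines:
        email, sep, password = line.rstrip("\n").partition(":")
        if sep and email:
            yield email.strip().lower(), password


def accounts_to_reset(store, dump_lines):
    """Return our users whose current password sits beside their email in the dump."""
    flagged = set()
    for email, leaked_password in parse_dump(dump_lines):
        record = store.get(email)
        if record is None:
            continue  # address is not one of our users
        salt, stored_hash = record
        if hmac.compare_digest(hash_password(leaked_password, salt), stored_hash):
            flagged.add(email)
    return flagged


# Constructed sample data, not taken from any real leak.
OUR_USERS = make_user_store({
    "alice@example.com": "123456",
    "bob@example.com": "correct horse battery staple",
    "carol@example.com": "pa:ss:word",
})
LEAKED_DUMP = ["Alice@Example.com:123456", "bob@example.com:qwerty",
               "carol@example.com:pa:ss:word", "dave@example.org:password", "no separator here"]
```

Because the service re-derives each leaked password with the user's own salt, it never needs to keep plaintext passwords to find the accounts that reused one.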
