Millions of Twitter passwords were stolen. What can users do?

Russian hacker Tessa88 stole the account information of millions of Twitter users and is now selling the information for nearly $6,000 a user. 

Kacper Pempel/Reuters/File
A Twitter logo behind silhouettes of people with cellphones. A Russian seller claims to have the hacked information of millions of Twitter users.

Millions of Twitter accounts have been compromised, a Russian seller with ties to the Myspace, LinkedIn, and Tumblr data breaches claimed Tuesday.

The seller, who goes by Tessa88, appears to have obtained the login credentials of more than 32 million users, which, for each of them, includes at least one email address, a password, and a username.

"The lesson here? It’s not just companies that can be hacked," wrote Leakedsource.com, a breach notification website that verified Tessa88's claims. "Users need to be careful, too."

The author of the Leakedsource.com blog post isn't the only expert to urge the public to be smarter about the passwords they choose. Especially after Facebook chief executive officer Mark Zuckerberg's Twitter password was found to be just "dadada," experts have insisted you should come up with more creative, secure passwords.

Twitter itself doesn't appear to have been hacked, it said in a statement.

"We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks," a Twitter spokesperson said, according to TechCrunch.

Leakedsource.com confirmed Twitter's suspicion. The website said passwords stolen from Twitter would have been encrypted. The passwords in the database were plain text.

The data breach likely occurred through malicious software, which could have sent usernames and passwords saved in Chrome, Firefox, and other internet browsers to the hackers, according to Leakedsource.com. The majority of users appear to live in Russia, wrote Leakedsource.com.  

In an encrypted message Tuesday, Tessa88 offered the usernames and passwords of 379 million Twitter accounts from as early as 2015, each for a price of 10 bitcoins ($5,819.30 by press time), according to ZDNET. Because there were only 310 million Twitter users in 2015, according to ZDNET, Leakedsource.com suspects the number of accounts is more likely in the range of 32,888,300. Perhaps more concerning than the scope of the data breach is users' popular passwords. 

The most popular passwords on the list are a simple, generic combination of numbers and letters. The most popular – the password of 120,417 users – is just "123456," according to Leakedsource.com. Second is "123456789," followed by "qwerty" and "password."

Though Facebook’s Mr. Zuckerberg was not in the data set (Leakedsource.com checked), he has received blowback for his password of "dadada" for his Twitter and Pinterest accounts.

"The most frustrating part is that all of this could have been avoided," said tech writer Alexandra Samuel in The Christian Science Monitor. Ms. Samuel admits, like Zuckerberg, she was hacked because of "bad password security."

"After all, it’s not difficult to protect yourself online: create unique, tough-to-guess passwords for every account, change your passwords whenever a site gets hacked, and use two-factor authentication whenever possible. Also, don’t forget to use a password manager to generate, encrypt, store and update passwords for you. I used 1Password, an app that makes it possible to see which passwords I used for all my digital identities."

To combat malware and other password-cracking software, security expert and cryptographer Bruce Schneier recommends turning a sentence you can remember into a password, writes the Monitor's Max Lewontin.

Examples from the site LifeHacker include:

WOO!TPwontSB = Woohoo! The Packers won the Super Bowl!

PPupmoarT@O@tgs = Please pick up more Toasty O's at the grocery store.
