Twitter has started locking user accounts following a hack that saw more than 32 million usernames and passwords stolen.
The reported 'hack', which occurred on Wednesday, lifted Twitter users' account data, and according to LeakedSource, contains 32,888,300 records, including email addresses, usernames, and passwords.
Twitter has not disclosed how many accounts it has chosen to lock, but the company told the Wall Street Journal the number was in the millions, and that those affected will receive an email explaining what's happened.
Despite the sheer volume of credentials contained at the hack, the micro-blogging site was, and still is, adamant Twitter itself has not been hacked. A spokesperson said on Wednesday it is "confident" the usernames and credentials were not obtained by a data breach. Instead, it is believed the details were stolen by malware running on browsers, mainly because they are written in plaintext.
"We've been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks," the spokesperson said.
After cross-checking the password dump with its records on Thursday, Twitter identified some of its accounts as requiring extra protection, locking them and requiring a password reset.
The social network updated its statement in a blog post on Friday, urging users to employ HTTPS everywhere and security for email from twitter.com, and secure account credentials using bcrypt.
"We protect access to accounts by evaluating items such as location, device being used, and login history to identify suspicious account access or behaviour," said the firm. “In situations where your password has been directly exposed, you are sent a password reset notification; your account is protected until the owner of the email or phone number resets the password.”
Twitter advised users that to keep their accounts safe in the future, theyy should enable login verification such as two-factor authentication, use a strong password that isn't reused on other websites, and use a password manager such as 1Password or LastPass to make sure they're using strong, unique passwords everywhere.
Twitter's co-founder Evan Williams' account was also breached on Wednesday in an related hack, through his Foursquare account, by the hacking group OurMine – the same group who hacked into the account of Facebook founder Mark Zuckerberg earlier this month.
The group reportedly posted a tweet on Williams' twitter page, which has since been removed, stating: "Hey, it's OurMine Team, we are just testing your security, please send us a message" followed by an email address.
0 Response to "Twitter locks millions of accounts following reports of stolen passwords"
Post a Comment