Almost 33 Million Twitter Passwords Stolen and Put Up for Sale for Bitcoins
Leaked Sourced has obtained their copy of the list from user Tessa88, who is also linked to recent attempt to sell a database of 100 million passwords for Russian social network VK.com. The same alias was used to sell data on MySpace, LinkedIn and Tumblr users.
Some publications call Tessa88 a â€śRussian sellerâ€ť. The hacker has announced the sale in an encrypted chat room on June 7. According to him or her, the database was initially obtained in 2015.
Tessa88’s price for the database comprises 10 BTC.
Leaked Source states that it has contacted 15 users mentioned on the list, all of whom have confirmed the passwords were real.
Experts suggest that the passwords have not been neither encrypted or hashed, which means that they most likely had been stolen directly from the users. Most probably, the data was collected with some kind of malware. Leaked Source’s report reads:
â€śThe explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter. The proof for this explanation is as follows:
â€” The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example.
â€” There was a very significant amount of users with the password “<blank>” and “null”. Some browsers store passwords as “<blank>” if you don’t enter a password when you save your credentials.
â€” The top email domains don’t match up to a full database leak, more likely the malware was spread to Russians.â€ť
Top-20 of most frequently used passwords looks as follows:
Subscribe to our Newsletter<
- New Report Reveals How Long Hackers Keep Using Compromised Accounts
- North Korean Hackers Create Crypto-Trading Apps to Steal Cryptocurrencies
- CipherTrace: Twitter Hackers Laundered Stolen Bitcoins Through Exchanges and Casinos
- 7th Hacker Congress in Prague to Seek Relief from Digital Totalitarianism
- Former GlobalHell Hacker: The Attack on Twitter Is Way Bigger than Anticipated
- UK, U.S., and Canada Accuse Russia of Hacking Attacks to Steal Secret Research on Covid-19 Vaccine
- Hack of the Decade: Shameless Bitcoin Scam or Something Much More Sinister?
- Germany Calls On EU Countries to Impose Cyber Sanctions On Russian Hackers