This week a leak to the dark web included the passwords of thousands, if not millions, of Twitter users. In its first report on this leak, LeakedSource suggests that the bulk of the users affected by this data breach were and are in Russia. It was also reported earlier this week that Twitter itself was not hacked; instead, a vast number of users had been infected with malware that monitored them and recorded their Twitter passwords as they used the service.
This morning Twitter both confirmed and denied allegations. Twitter confirmed that there was indeed a batch of Twitter @names and passwords leaked to the web “over the past days and weeks.”
Twitter denied any allegations that they themselves had been hacked. “We have investigated reports of Twitter usernames/passwords on the dark web,” said Twitter Trust & Info Security Officer Michael Coates, “and we’re confident that our systems have not been breached.”
“We securely store all passwords w/ bcrypt,” Coates continued. “We are working with @leakedsource to obtain this info & take additional steps to protect users.”
The strength of your password is irrelevant.
While it is important to have a strong password, that alone will not always save you. In this situation the culprit was malware affecting browsers: the victims had downloaded malware, and their passwords were lifted from the browser's own saved-password store. As LeakedSource suggests, “Remember that Twitter probably doesn’t store the passwords in plaintext, Chrome and Firefox did.”
This wasn’t Twitter’s fault.
Twitter wasn’t hacked.
While the largest number of email addresses in the database of hacked users was @mail.ru, with over 5 million entries, the next three were .com addresses: @yahoo with 4.7 million, @hotmail with 4.5 million, and @gmail with 3.3 million.
This is the sort of thing that happens when your relative sees a webpage that says “you have a broken computer, call us to let us give you tech support” and does it.
This weekend – or maybe on Father’s Day, if that’s the next holiday on which you visit your family – warn them. Tell them to stop downloading things.
Tell them to stop downloading:
1. Email attachments.
2. Files outside of app stores.
3. Anything they’ve never seen before.
This does not apply to everyone. If you’re computer-savvy, you’ll probably have little trouble figuring out which files are potentially malicious and which are safe.
You are likely the exception to the rule.
But you know the friend or relative that’s going to accidentally download malicious software. You can see them in your mind’s eye right this minute. Warn them. Every time you see them.
And don’t think for a minute that a secure password is the only thing that can protect your computer – or a friend’s computer – from hackers.