Slashdot Mirror


Russian Hacker Selling Information of 32 Million Twitter Accounts, Report Says (zdnet.com)

An anonymous reader writes: The hacker who has links to the recent Myspace, LinkedIn, and Tumblr data breaches is claiming to have obtained a database of millions of Twitter accounts. The data reportedly includes addresses, usernames, and plain-text passwords of 379 million Twitter accounts. The hacker, Tessa88, wants 10 bitcoins, or about $5,820, for the cache. On Wednesday, LeakedSource claimed that the real number of accounts was just under 33 million, which is more than 10 percent of Twitter's monthly active accounts. This follows the hacking of Mark Zuckerberg's Twitter and Pinterest accounts.

20 of 54 comments

  1. Re:Shameful moderation by Anonymous Coward · · Score: 1

    You have to be a real asshole and psychopath to think that selling hacked accounts should get someone killed, but calling for the murder of a person should not get your comment modded down.

  2. Is there any way to check if your own email... by Anonymous Coward · · Score: 1

    ...is on the list?

    Or more generally, is there a reputable website that provides this service already?

    1. Re: Is there any way to check if your own email... by Anonymous Coward · · Score: 4, Informative

      There's no way to check if your account is on the Twitter account list. That would require knowing the list, which the hacker is selling.
      In general, you should visit https://haveibeenpwned.com/ on occasion to see if your account data was breached.
      Best practice is to have different passwords everywhere, so hackers can't use stolen passwords from one site to log in to another site. This is one of the reasons selling accounts is profitable.

  3. My opening bid: $0.32 by xxxJonBoyxxx · · Score: 1

    >> 32 million Twitter accounts

    OK, let me make the opening bid. I'll give you $0.32 for all of 'em, since about 70% are probably dormant, another 20% are hooked up to broadcast services, 9% are chatbots, and the rest are probably morons for using easily-guessable passwords or falling victim to "data entry" phishing attacks.

    1. Re:My opening bid: $0.32 by FudRucker · · Score: 1

      you forgot to include spammers that only post links to clickbait and crappy books and music for sale

      --
      Politics is Treachery, Religion is Brainwashing
    2. Re:My opening bid: $0.32 by ClickOnThis · · Score: 1

      It's a deal. I can give you 120,000 of them.

      Ready for it? The most common password was "123456".

      That will be $38,400 please.

      --
      If it weren't for deadlines, nothing would be late.
  4. This could be a scam by tangent3 · · Score: 3, Interesting

    Someone claims this is a scam - the accounts were actually sourced from tumblr and linkedin leaks
    https://jesterscourt.cc/member...

    1. Re:This could be a scam by djsmiley · · Score: 2

      Sourced and then tested... doesn't make it a scam.

      --
      - http://www.milkme.co.uk
  5. Re:Should we dump our old account and set up new o by Anonymous Coward · · Score: 3, Informative

    Yes to 1, no to 2.

  6. Don't trust leakedsource.com by Artem+S.+Tashkinov · · Score: 1

    I paid those fuckers for access, never got one - all searches still return bare numbers without any data - "subscribe to see raw data".

    My five (!) support requests remain unanswered (I sent the first one over four days ago).

    It looks like they indeed have the leaked data, but they are not willing to share it with anyone.

  7. Good thing... by Bruinwar · · Score: 1

    It's a good thing I don't have Myspace, LinkedIn, and Tumblr accounts. Twitter? I think I got two of them I started years ago. At the time I'm sure I had a reason. I get messages on two different email accounts from Twitter, so I figure I have the accounts.

    Maybe I can go cancel them (if it's possible). I see no need for them whatsoever. Or am I missing something?

    --
    SLOWER TRAFFIC KEEP RIGHT
    1. Re:Good thing... by Bruinwar · · Score: 1

      OK so I didn't cancel them, but I did change the passwords. I might want one or both of those accounts some day. Not that it would really matter if they were hacked. There is nothing in my profile, not even my name, so what's the worst that can happen?

      --
      SLOWER TRAFFIC KEEP RIGHT
  8. Re:again...? by djsmiley · · Score: 2

    Or just set up the automated emails...

    --
    - http://www.milkme.co.uk
  9. Wrong attribution by softnewsit · · Score: 3, Informative

    Tessa88 was the benefactor that gave the data to LeakedSource. He's not the hacker. Way to go ZDNet. You just blamed an innocent person. https://www.leakedsource.com/b...

    --
    Go away!
  10. This isn't just Twitter by Simon+Brooke · · Score: 2

    If it's true that the passwords have been harvested by malware which uploads the victim's browser's password cache, then this is not just Twitter. It's every site you use. The lesson, if you create websites which require authentication, outsource the authentication function to OpenID providers who have three factor authentication (e.g. Google) - or implement three factor authentication infrastructure yourself, which is not trivial.

    --
    I'm old enough to remember when discussions on Slashdot were well informed.
    1. Re:This isn't just Twitter by geekmux · · Score: 1

      >> If it's true that the passwords have been harvested by malware which uploads the victim's browser's password cache, then this is not just Twitter. It's every site you use. The lesson, if you create websites which require authentication, outsource the authentication function to OpenID providers who have three factor authentication (e.g. Google) - or implement three factor authentication infrastructure yourself, which is not trivial.

      Common Sense security mechanisms are trivial.

      Getting the average user or even service provider to adopt it as a matter of default is another matter entirely.

      We'll need the masses to have their identities stolen and force them to spend money on recovering their lives, reputations, and credit ratings before any real adoption is going to take place. Needless to say, the average ignorant user is gonna have to learn the hard way.

      It's like dealing with a fucking teenager. They always know better, right up to the point they're proven wrong. The hard way.

  11. Re:People who do this should be killed by ShanghaiBill · · Score: 2

    Seriously, find out who this guy is, arrest him, destroy his data, and execute him.

    I assume you mean the idiot at Twitter who thought it was acceptable to store plain text passwords in a database. A server should never even see a plain text password. Passwords should be salted and encrypted in the browser, using SHA-256 or stronger, before being transmitted to the server.
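
Added example, not part of the thread or any commenter's code: a server-side sketch of the two defensive points raised in comments 2.1 and 11 above (no plain-text password storage, and reused passwords from one breach opening accounts elsewhere). It assumes salted PBKDF2-HMAC-SHA256 computed on the server rather than the in-browser scheme comment 11 describes; all function names, parameters and sample data are constructed.

```python
import hashlib
import hmac
import os

# Illustrative work factor (an assumption); tune upward for your hardware.
ITERATIONS = 200_000

def hash_password(password, salt=None):
    """Return (salt, digest). Only these two values are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def accounts_to_reset(store, leaked):
    """Breach response: given our user store {email: (salt, digest)} and
    (email, password) pairs exposed in some other site's breach, return the
    users whose current password here matches the exposed one."""
    hits = set()
    for email, password in leaked:
        key = email.lower()
        record = store.get(key)
        if record is not None and verify(password, *record):
            hits.add(key)
    return sorted(hits)

# Constructed sample data: our own users and a third-party breach list.
STORE = {
    email: hash_password(pw)
    for email, pw in [
        ("alice@example.com", "123456"),      # reused and leaked
        ("bob@example.com", "x7#Lq9!vTz"),    # unique password here
        ("carol@example.com", "hunter2"),     # reused and leaked
    ]
}
LEAKED = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "oldpassword"),       # leaked elsewhere, not reused here
    ("Carol@Example.com", "hunter2"),         # address case differs in the dump
    ("dave@example.com", "123456"),           # not one of our users
]

if __name__ == "__main__":
    print(accounts_to_reset(STORE, LEAKED))
```

Because every user has a random salt, two users with the same password get different stored digests, so a stolen copy of this store cannot be searched with a single precomputed table.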

  12. Re:Why do Slashdot users continually defend hacker by ShanghaiBill · · Score: 3, Insightful

    It's as if Slashdot users approve and encourage this type of behavior. Why?

    Because the solution to the problem is better security, not more ethical hackers. Hackers will hack, regardless of the severity of the punishment. How many hackers do you think will be dissuaded by stern disapproval from Slashdot?

  13. Re:Why do Slashdot users continually defend hacker by Yvan256 · · Score: 1

    I think most people here do not agree with the hacker's actions, however most of us probably think that people should stop voluntarily putting all their information and their lives into public social networks. Yes the hacker is to blame, but all the users can be blamed too.

  14. Re:Why do Slashdot users continually defend hacker by Cid+Highwind · · Score: 1

    Most of us have come to accept that black hats will never be punished, because on the internet it's very easy to involve multiple unfriendly countries in a crime, and when you put American and Russian agents on the same case it's very hard to get them to stop playing "my country has the biggest dick therefore I'm in charge" and start cooperating to catch the black hat. There's a subtle difference.

    --
    0 1 - just my two bits