Russian Hacker Selling Information of 32 Million Twitter Accounts, Report Says (zdnet.com)
An anonymous reader writes: The hacker who has links to the recent Myspace, LinkedIn, and Tumblr data breaches is claiming to have obtained a database of millions of Twitter accounts. The data reportedly includes addresses, usernames, and plain-text passwords of 379 million Twitter accounts. The hacker, Tessa88, wants 10 bitcoins, or about $5,820, for the cache. On Wednesday, LeakedSource claimed that the real number of accounts was just under 33 million, which is more than 10 percent of Twitter's monthly active accounts. This follows the hacking of Mark Zuckerberg's Twitter and Pinterest accounts.
There's no way to check if your account is on the Twitter account list. That would require knowing the list, which the hacker is selling.
In general, you should visit https://haveibeenpwned.com/ on occasion to see if your account data was breached.
Best practice is to have different passwords everywhere, so hackers can't use stolen passwords from one site to log in to another site. This is one of the reasons selling accounts is profitable.
Someone claims this is a scam - the accounts were actually sourced from Tumblr and LinkedIn leaks.
https://jesterscourt.cc/member...
Yes to 1, no to 2.
Or just set up the automated emails...
- http://www.milkme.co.uk
Tessa88 was the benefactor that gave the data to LeakedSource. He's not the hacker. Way to go ZDNet. You just blamed an innocent person. https://www.leakedsource.com/b...
Go away!
If it's true that the passwords have been harvested by malware which uploads the victim's browser's password cache, then this is not just Twitter. It's every site you use. The lesson: if you create websites which require authentication, outsource the authentication function to OpenID providers who have three-factor authentication (e.g. Google), or implement three-factor authentication infrastructure yourself, which is not trivial.
I'm old enough to remember when discussions on Slashdot were well informed.
Seriously, find out who this guy is, arrest him, destroy his data, and execute him.
I assume you mean the idiot at Twitter who thought it was acceptable to store plain text passwords in a database. A server should never even see a plain text password. Passwords should be salted and encrypted in the browser, using SHA-256 or stronger, before being transmitted to the server.
It's as if Slashdot users approve and encourage this type of behavior. Why?
Because the solution to the problem is better security, not more ethical hackers. Hackers will hack, regardless of the severity of the punishment. How many hackers do you think will be dissuaded by stern disapproval from Slashdot?