Twitter Denies Breach of 32 Million Accounts (twitter.com)
An anonymous reader writes: "We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached," posted the company's security officer, Michael Coates. In a blog post, he wrote that Twitter uses HTTPS "everywhere" and secures account credentials with bcrypt, while also watching for suspicious account activity based on location, device type, and login history. Responding to recent reports of 32 million compromised accounts, he blamed malware and also recycled passwords, which mean "a breach of passwords associated with website X could result in compromised accounts at unrelated website Y."
"When so many breaches are announced in a short window of time, it may be natural to assume that any mention of 'another breach' is true and valid. Nefarious individuals leverage this environment in order to either bundle old breached data or repackage accounts from a variety of breaches, and then claim they have login information and passwords for website Z."
A security expert gave the same explanation to InformationWeek. And Brian Krebs recently pointed out that a Tweet claiming 73 million compromised Dropbox accounts was actually just recycling credentials from a 2013 breach at Tumblr. A recent breach of Mark Zuckerberg's Twitter account was attributed to a low-security password.
it was only 31,999,999.
This is social media we're talking about. Stuff just got inadvertently shared more widely than anticipated.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Well they would, wouldn't they?
Famous unquotes of history: "Sure, I bumped the motherfuckers off." -- Al Capone.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
and they are trying to sell collections of usernames with fake passwords just to make a few bucks, they are low life bottom feeders looking for a quick buck
Politics is Treachery, Religion is Brainwashing
People reuse passwords frequently. This was probably data harvested from other breaches and tested against Twitter. I suspect that Twitter is correct that they weren't breached, even though the accounts are likely compromised. These credentials shouldn't be up for sale, though, and we need better cooperation through Interpol to arrest and prosecute these criminals. The problem is that the police in countries like Russia won't do a damn thing and it's a haven for criminals. These are professional criminals who deserve to be prosecuted as organized crime is, considering the scale of these operations and breaches. We also need widespread use of password management services, one time use passwords, and two factor authentication.
You'd think the head of a huge global social media company would know better than to secure his own social media accounts with the password "dadada".
How these retards live in denial amazes me.
with troll posts, like this one.
twittertwat.
If you can find the account it belongs to, it's yours.
social media bots to promote whatever someone pays for.
Brigading accounts to attack people you don't agree with.
Command and control/status accounts for botnets.
Dead drops for data
Fake celebrities.
Kind of like twitter in general.
to pass the turing test by other means. if you can't raise the quality of the ai lower the bar for passing for human...
Given the unusual amount of Russian email accounts linked to Twitter accounts, and vk's recent 100M breach with cleartext passwords, this is most likely due to someone trying out vk credentials against Twitter and getting through. One more reason to use unique passwords across sites.
So, let's see.
Each time Twitter is hacked, they spend $1,000,000 dollars (US) to pay off media friendly "security experts" and business info sites like TheStreet (such as Jim Cramer) to say nice things about Twitter, how long does Twitter have before they burn through their cash?
1 Month?
1 Week?
1 Day?
Ha ha
I created an account a few years ago but never did anything with it. When I did try and login I was now following hundreds of random Russian and Arabic accounts. I have since closed the account.
Only the State obtains its revenue by coercion. - Murray Rothbard
You can but if there are covert government agents hired into these big companies how will you prevent the untrusted to be trustworthy with your data? This is true across all aspects of data collection. There are reasons there are laws against unreasonable searches. It isn't just because the searches are time consuming. They would be paid literally by your tax dollars to do it.
It is because they can use your data to render you crippled and fuck you up. So why did you give it up in the first place? baaaaaaad sheeeeeep.
https://en.wikipedia.org/wiki/Motives_for_spying
that require registration for no reason, and don't provide or make use of shared identity services.
If people didn't have so many accounts all over the place, there wouldn't be the password reuse, or so many attack vectors.