Twitter Denies Breach of 32 Million Accounts (twitter.com)
An anonymous reader writes: "We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached," posted the company's security officer, Michael Coates. In a blog post, he wrote that Twitter uses HTTPS "everywhere" and secures account credentials with bcrypt, while also watching for suspicious account activity based on location, device type, and login history. Responding to recent reports of 32 million compromised accounts, he blamed malware and also recycled passwords, which mean "a breach of passwords associated with website X could result in compromised accounts at unrelated website Y."
"When so many breaches are announced in a short window of time, it may be natural to assume that any mention of 'another breach' is true and valid. Nefarious individuals leverage this environment in order to either bundle old breached data or repackage accounts from a variety of breaches, and then claim they have login information and passwords for website Z."
A security expert gave the same explanation to InformationWeek. And Brian Krebs recently pointed out that a Tweet claiming 73 million compromised Dropbox accounts was actually just recycling credentials from a 2013 breach at Tumblr. A recent breach of Mark Zuckerberg's Twitter account was attributed to a low-security password.
it was only 31,999,999.
This is social media we're talking about. Stuff just got inadvertently shared more widely than anticipated.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Well they would, wouldn't they?
Famous unquotes of history: "Sure, I bumped the motherfuckers off." -- Al Capone.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
and they are trying to sell collections of usernames with fake passwords just to make a few bucks, they are low life bottom feeders looking for a quick buck
Politics is Treachery, Religion is Brainwashing
Trump often says "I like hispanics". It is always followed by "their leaders are smarter than our leaders, they are ripping us off".
I doubt this is a troll post, unless you consider Trump to be a twitter troll (which is 100% legitimate although I don't agree with it).
Retards? Really? That is so.... mature of you.
If someone hacked twitter they would get away with more accounts than just 32m. So password reuse from any other breach in the last 6 months seems like a fairly credible explanation IMHO.
social media bots to promote whatever someone pays for.
Brigading accounts to attack people you don't agree with.
Command and control/status accounts for botnets.
Dead drops for data
Fake celebrities.
Kind of like twitter in general.
I created an account a few years ago but never did anything with it. When I did try and log in I was now following hundreds of random Russian and Arabic accounts. I have since closed the account.
Only the State obtains its revenue by coercion. - Murray Rothbard
that require registration for no reason, and don't provide or make use of shared identity services.
If people didn't have so many accounts all over the place, there wouldn't be the password reuse, or so many attack vectors.