Hacker Claims to Be Selling 32 Million Twitter Passwords on Dark Web

Image: Getty
Image: Getty

Another day, another report that your social-media password could now be for sale on the dark web: a hacker claims to be selling 32 million Twitter log-ins. Twitter, on the other hand, says it wasn’t even hacked and that the information probably comes from other leaks and people using the same password for everything.


LeakedSource claims to have received the Twitter information from the same user, Tessa88, who gave it hacked data from a Russian social-media site earlier. Tessa88 is selling the cache for about 10 bitcoin, or roughly $5,820.

A Twitter official tweeted about the hack and is “confident” that Twitter’s systems weren’t breached, which is sort of comforting, but ultimately useless if indeed someone out there is about to buy our password anyway and it’s all because we also use the same one for LinkedIn. The log-ins probably came from malware on Firefox and Chrome instead of being taken directly from Twitter, according to LeakedSource, which, again, doesn’t help much if your password is among the ones up for sale.

Any of this sound familiar? Clearly, Mark Zuckerberg isn’t the only person who’s been taken down by bad password security, and just last week Myspace said that it’d been hacked and the security information for everyone’s defunct website was up on the dark web.

With big leaks providing passwords (and yes, the most popular ones in today’s case were ‘123456' and ‘password’) for multiple sites, it seems like “hacking” is easier than ever now. In the latest case, there wasn’t even any need to break encryption. Wait long enough, and it’s only a matter of time before enough cross-referencing between leaks just does the trick.



Angela Chen is the morning editor at Gizmodo.


Turbolence1988 Loves Magic Turn Circles

Whew. I just updated my Twitter passwords like a week ago when some Overwatch contest thing posted from my account without my knowledge (probably an old app connection I forgot to kill, but still).

And of course it probably came from browser or phone malware. Safe browsing practices aren’t well-proliferated no matter how many times you tell people. The amount of crapware I found and spent hours cleaning on my mom and pop’s laptops makes me wonder how either of them haven’t given a popup walrus their credit card numbers.

Never mind the fact my pop’s so adamant in doing things the “old-fashioned” way that I shoehorned the AOL 8.0 software onto a Windows 7 x64 system and somehow let it use IE11 for rendering websites...