Tens of millions of Twitter passwords are being traded on the dark web, according to the hacked information database Leaked Source.
The group said it uncovered 32,888,300 Twitter records online, each of which “may contain an email address, a username, sometimes a second email and a visible password.”
{mosads}But Twitter itself likely wasn’t hacked, Leaked Source said. Instead, consumers were likely infected by a certain kind of malware that sent saved usernames and passwords from browsers like Chrome and Firefox back to the hackers.
“Also, we triple-checked: Mark Zuckerberg isn’t in this data set,” the group noted, an apparent reference to recent reports that the Facebook CEO’s Twitter account was hacked.
Twitter also said its systems were not breached.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached,” a spokesman for Twitter told The Hill.
Security researchers have expressed skepticism that the reportedly leaked credentials are even real.
“I’ve seen nothing verifiable and it’s quite likely a fake,” security researcher Troy Hunt tweeted.
Zuckerberg’s Twitter account, last used in January 2012, posted a tweet Sunday morning that appeared to have been written by the hacker, claiming that the account information was found in a recently exposed database of LinkedIn passwords.
A hacker offered to sell the account information of 117 million LinkedIn users that were stolen as part of a 2012 breach, which appears much worse than originally thought.
Around 6.5 million passwords were posted online when the breach occurred in 2012, although LinkedIn never confirmed the scope of the breach. The company rolled out a mandatory password reset for all accounts it believed were compromised.
The company said it is invalidating the passwords of the accounts impacted and contacting affected members to reset their passwords.
Security experts note that many people use the same password for multiple accounts.
The hackers who infiltrated Zuckerberg’s accounts seem to suggest that they were able to use his LinkedIn login, discovered in the stolen database, to access other accounts belonging to the tech CEO.
The Twitter spokesperson said that it has been working to protect users who may have had their account information exposed by other data breaches.
“We’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” the company said.
–Updated 3:36 p.m.