It’s reported that the usernames and passwords of nearly 33 million Twitter accounts have been leaked and are being sold online.
LeakedSource states that the Twitter credentials are being traded on the dark web, and that the dataset it has acquired consists of 32,888,300 records. Where each record may contain: an email address, username, and sometimes a second email and visible password.
According to LeakedSource: “We have very strong evidence that Twitter was not hacked, rather the consumer was.” Explaining that malware present on users’ devices sent saved usernames and passwords from browsers such as Chrome and Firefox back to the hackers.
The explanation offered by LeakedSource appears corroborated by Michael Coates, Twitter’s Trust and Info Security Officer, saying that “we’re confident that our systems have not been breached” and that Twitter itself was not comprised.
It’s said Twitter is presently working with LeakedSource regarding the leaked information and is taking additional steps to protect Twitter users.
Twitter Support is directing Twitter users to report their hacked accounts and file a case report.