Security & Fraud

Hacked Twitter Passwords Are Up For Sale On The Dark Web

The bigger reveal almost seemed inevitable once the news broke that Mark Zuckerberg’s social media accounts had all been hacked.

Looks like he won’t be alone in coming up with some new passwords.

According to reports by ZDNet, a Russian hacker is taking credit for a big, old pile of Twitter account logins. Reports also indicate that they are up for sale on the Dark Web at about 10 bitcoin a pop. In real dollars, that is currently a little under $6,000. LeakedSource, which indexes hacked credentials from data breaches, noted in a blog post that around 32 million emails have gone rogue.

LeakedSource goes on to note that passwords are stored as plain text files, and many seem to be attached to Russian users. That detail indicates that the passwords were stolen from users, as opposed to through a hack into Twitter’s central systems.

The most common Twitter password in the batch? 123456, followed by 123456789, qwerty and password. This means that this may not have been all that high-tech a hack, since some guesswork could have gotten you there.

The greater concern is that users tend to repeat passwords, meaning having one for one site might be a skeleton key for a large swath of a consumer’s digital life.

This news follows a reported LinkedIn hack in May, wherein a Russian hacker was selling 117 million LinkedIn accounts on the Dark Web, though at a bargain price of 5 bitcoin a whack.

A Twitter spokesperson has noted the following of the hack:

“We are confident that these usernames and credentials were not obtained by a Twitter data breach. Our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment