Twitter has locked some accounts following reports that log-in details for millions of users were on sale.<\/p>\n
On Thursday reports surfaced that a Russian hacker called Tessa88 was asking for 10 bitcoins (\u00a34,000) for access to a list of 32 million names.<\/p>\n
In a blogpost, Twitter said it was confident that the data had not come from a hack attack on its servers.<\/p>\n
But after scrutinising the list, it had locked some accounts and users would need to reset their passwords.<\/p>\n
“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both,” wrote Michael Coates, chief security officer at Twitter, in the blogpost.<\/p>\n
Security firm Leaked Source, which first shared information about the list, said its analysis suggested the information came from PCs infected with data-stealing malware.<\/p>\n
‘Skeptical’<\/strong><\/p>\n Twitter’s cross-checking of the list showed that some of the log-in data being offered was real, said Mr Coates, and led to the micro-blogging service locking those accounts and forcing a password reset.<\/p>\n He said Twitter had taken similar action in recent weeks as data from other breaches became publicly available.<\/p>\n He did not say how many of the supposedly stolen log-ins were legitimate or how many accounts had been locked.<\/p>\n Some security experts have expressed doubt about whether all the information in the list of 32 million log-in names is genuine.<\/p>\n Per Thorsheim, who advises companies about security and safe log-in procedures, said he was “sceptical” about the data but added that he had not had chance to look through it himself.<\/p>\n “A 32 million leak doesn’t make sense,” he said. “It could be a very old leak from when Twitter only had 32 million users, it could be a chunk of the full dataset from a recent breach or what I usually think – it’s just made-up junk.”<\/p>\n Troy Hunt, who maintains an online repository of breach data, told technology news site Ars Technica that he too had his doubts about the list.<\/p>\n “I’m highly sceptical that there’s a trove of 32 million accounts with legitimate credentials for Twitter,” he said. “The likelihood of that many records being obtained independently of a data breach and them being usable against active Twitter accounts is extremely low.”<\/p>\n The sale of the Twitter list comes in the wake of a series of “mega-breaches” which have seen data stolen from companies many years ago now being widely shared. More than 600 million passwords feature in the massive data dumps.<\/p>\n Cyberthieves are keen to get at this data because many people reuse log-in names and passwords so finding a working combination on one service may unlock many others.<\/p>\n –<\/p>\n Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":" Twitter has locked some accounts following reports that log-in details for millions of users were on sale. On Thursday reports surfaced that a Russian hacker called Tessa88 was asking for 10 bitcoins (\u00a34,000) for access to a list of 32 million names. In a blogpost, Twitter said it was confident that the data had not […]<\/p>\n","protected":false},"author":14,"featured_media":221917,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[106],"tags":[],"yoast_head":"\n