Twitter acknowledges major leak of usernames and passwords

Twitter has acknowledged that "numerous" usernames and passwords seem to have been leaked. The company says it is confident that its own servers haven't been breached, and that the leaks appear to have come from attacks on other websites and services.

From the Twitter blog:

We've investigated claims of Twitter @names and passwords available on the "dark web," and we're confident the information was not obtained from a hack of Twitter's servers. The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we're acting swiftly to protect your Twitter account.

Twitter says that it has cross-checked its own data with lists of stolen usernames and passwords, and locked affected accounts with "direct password exposure," requiring a password reset by the account holder. The company has also outlined some best security practices, such as using strong passwords and turning on login verification, also known as two-factor authentication.
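
One way a service can run the cross-check described above without holding plaintext passwords, shown as an added example (not Twitter's code; the article does not say how Twitter implemented it): each leaked password is re-hashed with the matching account's salt and compared with the stored hash. The user table, dump lines, function names and PBKDF2 parameters are all constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the demo runs quickly; production values are far higher

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 hash: what the service stores instead of plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def build_user_store(accounts):
    """Constructed user table: username -> (salt, stored hash). No plaintext is kept."""
    store = {}
    for i, (name, password) in enumerate(accounts):
        # Deterministic salt so the demo is reproducible; use os.urandom(16) in practice.
        salt = hashlib.sha256(f"salt-{i}".encode()).digest()[:16]
        store[name.lower()] = (salt, hash_password(password, salt))
    return store

def parse_dump(lines):
    """Yield (username, password) from 'user:password' lines, skipping malformed ones."""
    for line in lines:
        line = line.rstrip("\r\n")
        if ":" not in line:
            continue
        name, password = line.split(":", 1)  # the password itself may contain ':'
        name = name.strip().lstrip("@").lower()
        if name and password:
            yield name, password

def find_exposed_accounts(store, dump_lines):
    """Return usernames whose *current* password appears next to their name in the dump."""
    exposed = set()
    for name, leaked in parse_dump(dump_lines):
        record = store.get(name)
        if record is None:
            continue  # the dump entry is not one of our users
        salt, stored = record
        if hmac.compare_digest(hash_password(leaked, salt), stored):
            exposed.add(name)  # direct password exposure: lock and require a reset
    return exposed

# Constructed sample data (not real credentials).
USERS = build_user_store([("alice", "correct horse"), ("bob", "hunter2:x"),
                          ("carol", "Tr0ub4dor&3")])
DUMP = ["@alice:correct horse", "bob:hunter2:x", "carol:oldpassword",
        "dave:whatever", "garbage line", "ALICE:wrong"]

if __name__ == "__main__":
    print(sorted(find_exposed_accounts(USERS, DUMP)))
```

Only accounts whose leaked password still matches the stored hash are flagged, so a user whose dump entry is stale or came from a different site with a different password is left alone.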

  • From what other outlets were reporting, this data is a conglomeration of data sourced from many different places and the age of the data has a very large range. So it is important to know that Twitter was not hacked, most of this data was pulled off ppl's machines via malware, among other places as well. Something to be aware of, but from the impression I get reading other sources, this is not a major concern, and more of a case of someone cobbling info together to make a quick buck selling it. Obviously all the usual checks should be done on your own accounts though.
  • Do they hand out usernames and passwords to third party sites? Why even have unencrypted passwords? Something's not right.
  • More likely the list was obtained from a third party app. One of the reasons I only like to use official apps.
  • Now it's a good time to change Twitter password.
  • It's not that easy to change the password. Why make it so difficult Twitter!!????
  • Just log out and request a forgot password, when u go to sign back
  • Correct me if I'm wrong here, but if the usernames and passwords were obtained from other sources, they are likely passwords to another site that are assumed to work for all your sites, since so many people use the same password everywhere. Therefore, if a person is using a different strong password for every site they visit, then that person should be safe on this one, right?
  • Correct. It's why I use a password manager. No password is the same and all are long with a random mix of numbers, letters, symbols etc.