Various media sources reported on Thursday that around 33 million Twitter Inc TWTR account passwords have been leaked and are now being sold on the dark web.
According to Tech Crunch, Twitter denied the report and said that it is "confident that these usernames and credentials were not obtained by a Twitter data breach."
On Thursday night, Twitter notified millions of users that their accounts were at risk of being taken over after news surfaced that a database containing 33 million usernames and passwords does exist.
"The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both," Twitter's Trust & Information Security Officer Michael Coates said in a blog post. "Regardless of origin, we're acting swiftly to protect your Twitter account."
Coates added that accounts with direct password exposure were locked and now require a password reset by the rightful owner. The accounts won't be accessible until the owner does so to "ensure that unauthorized individuals don't have access."
"When so many breaches are announced in a short window of time, it may be natural to assume that any mention of 'another breach' is true and valid," the blog also said. "Nefarious individuals leverage this environment in order to either bundle old breached data or repackage accounts from a variety of breaches, and then claim they have login information and passwords for website Z. We take security concerns seriously, and investigate issues as they arise, but everyone should also scrutinize the merits of any credential claim. We're always focused on the issues that present a real threat to account security."
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.