Twitter: credential leak not from server breach, we’re taking action

The microblogging platform is working on damage control after a massive credential leak left about 33 million Twitter accounts’ user information out in the open.

Michael Coates, Trust & Information Security Officer, stated in a blog post that the company is “confident the information was not obtained from a hack of Twitter’s servers.” Coates theorizes that the credentials could’ve been obtained from an amalgamation of data from past breaches of other sites and/or malware that reads browser-stored passwords.

The company took action:

In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.

Twitter is working with LeakedSource, which published a searchable database (but not any identifying information) of the cache it got from a Russian hacker:

Twitter doesn’t shoulder blame for the leak, but it is taking a very proactive measure in patching it up and reminding users that their passwords shouldn’t be “123456789“.

Source: Twitter
Via: Android Central

Discuss This Post

Read More

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.