Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bitcoin Security Twitter Communications Facebook Network Networking Privacy Social Networks The Almighty Buck The Internet Wireless Networking News Technology

Russian Hacker Selling Information of 32 Million Twitter Accounts, Report Says (zdnet.com) 54

An anonymous reader writes: The hacker who has links to the recent Myspace, LinkedIn, and Tumblr data breaches, is claiming to have obtained a database of millions of Twitter accounts. The data reportedly includes addresses, usernames, and plain-text passwords of 379 million Twitter accounts. The hacker, Tessa88, wants 10 bitcoins, or about $5,820 for the cache. On Wednesday, LeakedSource claimed that the real number of accounts was just under 33 million, which is more than 10 percent of Twitter's monthly active accounts. This follows the hacking of Mark Zuckerberg's Twitter and Pinterest accounts.
This discussion has been archived. No new comments can be posted.

Russian Hacker Selling Information of 32 Million Twitter Accounts, Report Says

Comments Filter:
  • ...is on the list?

    Or more generally, is there a reputable website that provides this service already?

    • by Anonymous Coward on Thursday June 09, 2016 @04:05AM (#52280029)

      There's no way to check if your account is on the Twitter account list. That would require knowing the list, which the hacker is selling.
      In general, you should visit https://haveibeenpwned.com/ on occasion to see if your account data was breached.
      Best practice is to have different passwords everywhere, so hackers can't use stolen passwords from one site to login to another site. This is one of the reasons selling accounts is profitable.

  • >> 32 million Twitter accounts

    OK, let me make the opening bid. I'll give you $0.32 for all of 'em, since about 70% are probably dormant, another 20% are hooked up to broadcast services, 9% are chatbots, and the rest are probably morons for using easily-guessable passwords or falling victim to "data entry" phishing attacks.
  • This could be a scam (Score:4, Interesting)

    by tangent3 ( 449222 ) on Thursday June 09, 2016 @04:17AM (#52280055)

    Someone claims this is a scam - the accounts were actually sourced from tumblr and linkedin leaks
    https://jesterscourt.cc/member... [jesterscourt.cc]

  • I paid those fuckers for access, never got one - all searches still return bare numbers without any data - "subscribe to see raw data".

    My five (!) support requests remain unanswered (I sent the first one over four days ago).

    It looks like they indeed have the leaked data, but they are not willing to share it with anyone.

  • It's a good thing I don't have Myspace, LinkedIn, and Tumblr accounts. Twitter? I think I got two of them I started a years ago. At the time I'm sure I had a reason. I get messages on two different email accounts from Twitter, so I figure I have the accounts.

    Maybe I can go cancel them (if it's possible). I see no need for them whatsoever. Or am I missing something?

    • OK so I didn't cancel them, but I did change the passwords. I might want one of both of those accounts some day. Not that it would really matter if they were hacked. There is nothing in my profile, not even my name, so what's the worst that can happen?
  • Wrong attribution (Score:3, Informative)

    by softnewsit ( 4396945 ) on Thursday June 09, 2016 @06:29AM (#52280393) Homepage
    Tessa88 was the benefactor that gave the data to LeakedSource. He's not the hacker. Way to go ZDNet. You just blamed an innocent person. https://www.leakedsource.com/b... [leakedsource.com]
  • If it's true that the passwords have been harvested by malware which uploads the victim's browser's password cache, then this is not just Twitter. It's every site you use. The lesson, if you create websites which require authentication, outsource the authentication function to OpenID providers who have three factor authentication (e.g. Google) - or implement three factor authentication infrastructure yourself, which is not trivial.
    • If it's true that the passwords have been harvested by malware which uploads the victim's browser's password cache, then this is not just Twitter. It's every site you use. The lesson, if you create websites which require authentication, outsource the authentication function to OpenID providers who have three factor authentication (e.g. Google) - or implement three factor authentication infrastructure yourself, which is not trivial.

      Common Sense security mechanisms are trivial.

      Getting the average user or even service provider to adopt it as a matter of default is another matter entirely.

      We'll need the masses to have their identities stolen and force them to spend money on recovering their lives, reputations, and credit ratings before any real adoption is going to take place. Needless to say, the average ignorant user is gonna have to learn the hard way.

      It's like dealing with a fucking teenager. They always know better, right up to th

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...