
Twitter Resets Passwords But Denies Server Hack Took Place

Twitter has locked accounts of users whose passwords were exposed in a database of up to 32 million login details, but continues to deny credentials were obtained in an attack on its servers.

An information dump of more than 32 million accounts, including email addresses, usernames and passwords in plain text, was uploaded by breach notification website LeakedSource earlier this week.

Michael Coates, trust and information security officer at Twitter, said the company had investigated reports of a breach, analysed the data involved and decided to take measures to protect the security of its user base.

Twitter password breach

“We’ve investigated claims of Twitter @names and passwords available on the ‘dark web,’ and we’re confident the information was not obtained from a hack of Twitter’s servers,” he said.

“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.

“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”

Coates added that Twitter uses HTTPS encryption and stores credentials using bcrypt, and that location, device and login history details are used to identify suspicious behaviour. If Twitter believes credentials have been exposed, it sends a password reset notification. He suggested that Twitter users choose a strong password that isn’t used for any other site and use a password manager such as LastPass, although that service has had its own security issues in the past.

Password woes

“If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’ – then you have already received an email that your account password must be reset,” Coates added.

“Your account won’t be accessible until you do so, to ensure that unauthorized individuals don’t have access.”

Recently, LinkedIn was forced to invalidate the passwords of over 100 million user accounts after a hacker allegedly put the details up for sale online.

The breach even affected Facebook CEO Mark Zuckerberg, who apparently used the same login information for his LinkedIn account as several other social media pages, allowing hackers to gain access to his Pinterest and Twitter accounts.

Facebook and Netflix, neither of which has suffered any recent breach, have reset some passwords amid concerns that login details leaked in other attacks were also used to access their sites.


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
