
Twitter Resets Passwords But Denies Server Hack Took Place

Twitter has locked accounts of users whose passwords were exposed in a database of up to 32 million login details, but continues to deny credentials were obtained in an attack on its servers.

An information dump of more than 32 million accounts, including email addresses, usernames and passwords in plain text, was uploaded by breach notification website LeakedSource earlier this week.

Michael Coates, trust and information security officer at Twitter, said the company had investigated reports of a breach, analysed the data involved, and decided to take measures to protect the security of its user base.

Twitter password breach

“We’ve investigated claims of Twitter @names and passwords available on the ‘dark web,’ and we’re confident the information was not obtained from a hack of Twitter’s servers,” he said.

“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.

“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”

Coates added that Twitter used HTTPS encryption and stored credentials using bcrypt, and that location, device and login history details were used to identify suspicious behaviour. If Twitter believes credentials have been exposed, it sends a password reset notification. He suggested that Twitter users choose a strong password that isn’t used for any other site and use a password manager like LastPass, although that service has had its own security issues in the past.
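The cross-check Coates describes can be sketched as follows. This is an added example, not Twitter's code: the `name:password` dump format, the function names and the sample data are assumptions, and PBKDF2 from the Python standard library stands in for bcrypt. Because stored hashes are salted, each leaked password has to be re-hashed with that account's own salt, and only accounts whose current password matches are locked.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor for the stand-in KDF


def hash_password(password, salt=None):
    """Salted slow hash; PBKDF2 is a stand-in for bcrypt (assumption)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def is_exposed(stored, candidate):
    """True if the leaked candidate is the account's current password."""
    salt, digest = stored
    return hmac.compare_digest(hash_password(candidate, salt)[1], digest)


def accounts_to_lock(user_store, dump_lines):
    """Return usernames whose current password appears beside them in the dump."""
    exposed = set()
    for line in dump_lines:
        name, sep, password = line.rstrip("\n").partition(":")
        if not sep:
            continue  # malformed line, no separator
        name = name.strip().lstrip("@").lower()
        stored = user_store.get(name)
        # Unknown names and stale passwords fall through: no direct exposure.
        if stored and is_exposed(stored, password):
            exposed.add(name)
    return sorted(exposed)


# Constructed sample data: a tiny user store and a tiny plaintext dump.
USERS = {
    "alice": hash_password("correct horse"),
    "bob": hash_password("s3cret!"),
    "carol": hash_password("new-pass-2016"),
}
DUMP = [
    "@Alice:correct horse",  # current password, lock
    "bob:old-password",      # stale password from another breach, no lock
    "carol:new-pass-2016",   # current password, lock
    "dave:whatever",         # not a known account
    "garbage line",          # malformed
]

if __name__ == "__main__":
    print(accounts_to_lock(USERS, DUMP))
```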

Password woes

“If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’ – then you have already received an email that your account password must be reset,” Coates added.

“Your account won’t be accessible until you do so, to ensure that unauthorized individuals don’t have access.”

Recently, LinkedIn was forced to invalidate the passwords of over 100 million user accounts after a hacker allegedly put the details up for sale online.

The breach even affected Facebook CEO Mark Zuckerberg, who apparently used the same login information for his LinkedIn account as several other social media pages, allowing hackers to gain access to his Pinterest and Twitter accounts.

Facebook and Netflix, neither of which has suffered any recent breach, have reset some passwords amid concerns that login details leaked in other attacks were also used to access their sites.


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
