Data Breach by Malware
LeakedSource, a search engine that collects leaked records, said in a blog post last month that hackers have put up for sale the login details of more than 33 million individuals on the dark web, the part of the deep web whose websites are not indexed by popular search engines.
LeakedSource added that malware had been used to steal the login details of the Twitter users. It is interesting to note that Twitter has over 330 million monthly active users.
Users were Infected by Malware
Regarding the sale of 33 million login details of Twitter users, LeakedSource went on to add that Twitter was not breached. Rather, tens of millions of users were infected by malware that collected login details from browsers such as Firefox and Chrome and sent them back to the hackers. The data stolen by the malware was purportedly in plaintext, with no hashing or encryption applied. Most websites, including Twitter, do not store passwords in plaintext.
The Twitter login details were being sold on the dark web for a price of 10 bitcoins ($5,800). LeakedSource noted that it received the copy of the Twitter database from a user with the alias Tessa88. This was the same alias that the hacker used to hack VK.com (a Russian social networking site).
Twitter, in an official statement to the media, clarified that their account had not been breached. They added that they are cross-checking all the data against data shared from other leaks in the recent past. They were also working closely with LeakedSource to protect other users. Twitter also asked users to head over to LeakedSource to find out if their login details were involved in the malware data breach. However, security experts are not ruling out the possibility of the data breaches on LinkedIn and MySpace. LeakedSource said that the data stolen by the malware is genuine, as it had cross-checked the details with over 15 individuals who verified that the stolen data was correct.
The leaked records may include a username, an email address, a password and, in some cases, a second email address. It may be noted that Twitter has been in the news in the recent past for security issues. A day before this malware data breach was reported, the account of Twitter co-founder Evan Williams was hacked. The NFL’s Twitter account was also hacked recently, with the hackers using the account to convey the false news of Commissioner Roger Goodell’s demise. Soon after, Brian McCarthy, the league’s Vice President (Communications), tweeted that the news was false and that the commissioner was doing well. Facebook CEO Mark Zuckerberg’s Twitter account was also hacked, along with his other social media accounts. Last May, Katy Perry’s Twitter account was hacked.
Meanwhile, Michael Coates, the Information Security Officer at Twitter, said that the company is acting to protect the Twitter accounts of the users affected by the malware data breach. The affected users have been contacted via email and asked to reset their accounts to be able to access them.
Tod Beardsley, a security researcher at Rapid7, says that the stolen credentials of over 33 million Twitter users are all the more worrisome because the malware took the data from browsers’ password stores and not from Twitter. The Twitter malware data breach shows that it is not only companies’ data that can be hacked but also that of individuals. He recommends that users be wary and save their passwords using password management software such as KeePass or LastPass. Password managers work by generating random passwords for the subscriber’s accounts and storing them in a central vault that is encrypted. They auto-fill the passwords on websites as and when required.
He feels that most browsers lack proper password access controls, which leaves browser password stores vulnerable and makes it easy for malware to access and steal users’ passwords. According to security experts, it is also a good idea to change account passwords regularly. However, this becomes difficult if an individual uses unique passwords.