What happened?
A batch of Twitter data containing 32,888,300 records, including email addresses, usernames, and plaintext (non-encrypted) passwords has appeared on the online black market.
Twitter denies they experienced a system data breach. Instead, many believe malware is to blame for the exposure. The computer bug likely infected users’ devices, enabling hackers to siphon login information. It is unclear when this could have taken place.
Twitter has chosen to lock some accounts out of an abundance of caution.
This potential incident follows hundreds of millions of login credentials from LinkedIn, Myspace and Tumblr also appearing on the black market in the past month.
While having your Twitter account exposed is concerning, it’s not the primary threat of the potential Twitter data breach. Like other recent social media leaks, reused passwords should be your foremost worry.
Many hackers don’t seek to access your Twitter account; there’s simply not much to profit from — no saved credit cards, no purchasing abilities, etc.
Instead, hackers hope to use the Twitter data breach information to test these passwords on more lucrative websites, like online banking or email accounts.
Remember, nearly 3 out of 4 consumers reuse passwords, so their scheme is unfortunately pretty profitable.
If you reuse passwords, or ever have, this should be your key concern.
What should you do?
It doesn’t look like this onslaught of social media leaks is going to stop anytime soon. Take proactive measures to secure your Twitter and other online accounts before your leaked passwords put you in some serious identity-related or financial trouble.
- Change your passwords
Passwords should be at least eight characters long and include a complex mix of letters, numbers and symbols. Change your password at least every 90 days and never use the same password across multiple accounts. If you fear or know that your Twitter password was reused on other sites, change those as well. - Watch for phishing emails
Targeted phishing attacks are expected to follow due to the exposure of email addresses. Never provide account information via email and be hesitant to click on links within them, especially if the email appears to be from Twitter. - Lock down your social media accounts
With the plethora of social media leaks, it’s wise to review all of your social media privacy settings, including enabling dual-factor authentication. Find step-by-step instructions in our Social Media Education Center, including a Twitter Privacy Settings Tutorial. - Keep tabs on data breach news
We don’t expect this to be the last batch of social media credentials leaked to the online black market. Plus, with the transition to chip-embedded payment cards, online account compromise are now the breaches of the future as point-of-sale breaches begin to fade out. - Search for your information
LeakedSource has been provided a cache of the stolen Twitter credentials. Use their breach search feature to see if your information was among the exposed.
For more information, please visit our Twitter Privacy Setting Tutorial.