Twitter denies breach; but says malware may have been responsible for leaked passwords and usernames

Share the joy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Twitter has many several new developments to make it even more successful in the world of social networking. (Image: via bandwidthblog.com)

Twitter has many several new developments to make it even more successful in the world of social networking. (Image: via bandwidthblog.com)

Whatever it was that happened in the last couple of days got us all worked up and scared—hundreds of thousands of Twitter users scampered to check if their accounts were among those hacked. The fact that Zuckerberg’s Twitter account was compromised earlier in the week didn’t help us either. Now Twitter has allayed our fears and we can now calm our nerves—what happened wasn’t exactly a breach of the platform, but a possible malware attack or something else other than what we thought at first.

Twitter’s response can best be described as swift—the microblogging platform did not only deny a breach had taken place, it gave vital tips to help users out. Twitter did not stop at denying the breach and giving out vital tips; it provided information on what could have led to the password and username leak.

“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account,” Twitter’s Trust & Information Security Officer Michael Coates said on Friday.

Not a breach at least—but passwords and @names were being sold on the “dark web,” which gives us cause to worry about. To secure accounts and protect its users, Twitter has taken a couple of measures, including locking suspected accounts and or sending emails to them to reset passwords. Could there have been a better means of solving a problem like this? Maybe yes—refusing to use similar password over multiple websites is one of them. This has always been a big issue for a lot of people online—the recent LinkedIn data breach easily comes to mind.

“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner,” Coates wrote.

The LinkedIn leak and how it has led to other leaks

The whole thing started a couple of weeks back when 117 million accounts belonging to LinkedIn users were placed on sale on the “dark web” by a hacker. The leak, which was the biggest at that time, suddenly led to a chain of other breaches or leaks—including MySpace.

LinkedIn users were advised to change their passwords and check for any suspicious activity that may have taken place in the process. It remains to be seen how many users did that—but recent events point to the fact that attacks on MySpace and Tumblr may have emanated from the LinkedIn data breach.

Twitter continues to keep its users informed on latest happenings as regard security and keeping their accounts safe. Users affected by the password and @name leaks have been sent emails—and if you haven’t received any, then you might just be among the lucky ones whose account was not compromised.

Users whose passwords have not been reset, according to Twitter, will not be able to access their accounts until certain steps have been taken. Go here to find out what you need to do to recover your account from Twitter.

Got something on your mind to say or add to this story? Share it in the comments section.


Share the joy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Author: Ola Ric

Ola Ric is a professional tech writer. He has written and provided tons of published articles for professionals and private individuals. He is also a social commentator and analyst, with relevant experience in the use of social media services.

Share This Post On