
Twitter acknowledges major leak of usernames and passwords

Twitter has acknowledged that "numerous" usernames and passwords seem to have been leaked. The company says that while it is confident its own servers haven't been breached, the leaks appear to have come from attacks on other websites and services.

From the Twitter blog:

We've investigated claims of Twitter @names and passwords available on the "dark web," and we're confident the information was not obtained from a hack of Twitter's servers. The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we're acting swiftly to protect your Twitter account.

Twitter says that it has cross-checked its own data with lists of stolen usernames and passwords, and locked affected accounts with "direct password exposure," requiring a password reset by the account holder. The company has also outlined some best security practices, such as using strong passwords and turning on login verification, also known as two-factor authentication.

6 Comments
  • It's too bad that the 2-factor verification only works with Twitter's own client. It has also told me, since I turned it off, that my phone number/operator isn't supported. Been like that for over 1 year now...but maybe it's time to see if it will work this time around....
  • Twitter is letting users generate app-specific passwords, which hopefully will let you set up a different client. Haven't tried it, though.
  • And these clowns are pushing for verified accounts? No way. We are nowhere near close to our info being secured. Rodeo time, time to get er on down the road.
  • I saw and read that a lot of the accounts used 123456 as the password, so no surprise there. Why anyone uses 12345, 123456 and password1 for real is beyond stupid and deserve to be hacked. Posted with my S7 edge via the Android Central App
  • So that is how my account got compromised. Well thank you twitter.
    And no, my password isn't 123456 :)
    If the username and passwords leak then you can have the strongest password in the world no? Posted via the Android Central App
  • I recently started changing all my passwords to randomly generated ones through LastPass' generator, and I started activating 2-step verification on everything. Though that won't help if the cellular carriers don't beef up their security. Many of the people hacked on Twitter also had their phones deactivated and their cellular accounts hijacked. The hackers called up their carriers posing as the victim and had their SIMs changed and deactivated, completely bypassing 2-step authentication.