Twitter Denies Breach of 32 Million Accounts (twitter.com) 28
An anonymous reader writes: "We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached," posted the company's security officer, Michael Coates. In a blog post, he wrote that Twitter uses HTTPS "everywhere" and secures account credentials with bcrypt, while also watching for suspicious account activity based on location, device type, and login history. Responding to recent reports of 32 million compromised accounts, he blamed malware and also recycled passwords, which means "a breach of passwords associated with website X could result in compromised accounts at unrelated website Y."
"When so many breaches are announced in a short window of time, it may be natural to assume that any mention of 'another breach' is true and valid. Nefarious individuals leverage this environment in order to either bundle old breached data or repackage accounts from a variety of breaches, and then claim they have login information and passwords for website Z."
A security expert gave the same explanation to InformationWeek. And Brian Krebs recently pointed out that a Tweet claiming 73 million compromised Dropbox accounts was actually just recycling credentials from a 2013 breach at Tumblr. A recent breach of Mark Zuckerberg's Twitter account was attributed to a low-security password.
ok. (Score:2)
Re: (Score:1)
Of course there was no "breach". (Score:3, Funny)
This is social media we're talking about. Stuff just got inadvertently shared more widely than anticipated.
Obligatory (Score:2)
Well they would, wouldn't they?
Famous unquotes of history: "Sure, I bumped the motherfuckers off." -- Al Capone.
maybe somebody has a bunch of fake info (Score:2)
Re: maybe somebody has a bunch of fake info (Score:1)
Ugh, do people not even read the summary? Twitter lets you log in with an email address and password combination. If someone used the same email address and password for, say, LinkedIn and Twitter, it would be easy to try all the LinkedIn credentials on Twitter and see if anything works. What is with this baseless and illogical speculation from people on here, especially when it's contrary to the story? Why is it so hard for people to read the summary now?
Re: (Score:2)
Re: (Score:2)
and they are trying to sell collections of usernames with fake passwords just to make a few bucks, they are low life bottom feeders
If they are polluting the underworld with fake info and ripping off even more malicious criminals, then that would be a public service.
Quite amazing (Score:1)
How these retards live in denial amazes me.
Re: (Score:2)
If someone hacked twitter they would get away with more accounts than just 32m. So password reuse from any other breach in the last 6 months seems like a fairly credible explanation IMHO.
Re: (Score:2)
Trump often says "I like hispanics". It is always followed by "their leaders are smarter than our leaders, they are ripping us off".
I doubt this is a troll post, unless you consider Trump to be a twitter troll (which is 100% legitimate although I don't agree with it).
They are probably mostly (Score:2)
social media bots to promote whatever someone pays for.
Brigading accounts to attack people you don't agree with.
Command and control/status accounts for botnets.
Dead drops for data
Fake celebrities.
Kind of like twitter in general.
Happened to me (Score:2)
I created an account a few years ago but never did anything with it. When I did try and log in I was now following hundreds of random Russian and Arabic accounts. I have since closed the account.
Far too many services... (Score:2)
that require registration for no reason, and don't provide or make use of shared identity services.
If people didn't have so many accounts all over the place, there wouldn't be the password reuse, or so many attack vectors.