An unnamed hacker is selling over 32 million Twitter cleartext passwords on the Dark Web for only 10 Bitcoin (~$5,800). Twitter has not released an official statement on this matter yet.
LeakedSource, the company that has obtained the data thanks to a benefactor, says that there are 32,888,300 records included in the data dump, and not 71 million, as the hacker is claiming.
The company adds that the data includes entries with a recent timestamp, but does not believe Twitter got hacked.
Credentials most likely came from a keylogger or password dumper
Based on the way the credentials are stored in the dump, LeakedSource believes the leak originated from malware that dumps passwords saved in web browsers or logs keystrokes, not from a breach of Twitter's servers.
Its researchers reached this conclusion after analyzing user entries that, instead of a password, contained values such as "null" or "< blank >."
These are the values browsers such as Chrome and Firefox record when the user has enabled saved passwords but, during a login attempt, presses Enter without typing a password, so the browser stores a blank entry for that site.
"The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example," the company's experts explain today.
Russian users were the hardest hit
Furthermore, LeakedSource says that the top email domains in the dump belong to Russian services, leading the company to believe the credentials were collected by a malware campaign that mainly targeted Russian users.
Over the weekend, Mark Zuckerberg had his Twitter and Pinterest accounts hacked. LeakedSource says this dump was not the source of that compromise, since neither his username nor his email address appears among the 32 million records.
Previously, hackers had been selling data obtained from breaches of services such as MySpace (427,484,128 records), LinkedIn (167,370,940 records), Tumblr (65,469,298 records), and VK.com (100,544,934 records).
Below is LeakedSource's breakdown of the leaked data, listing the top 25 most popular passwords and the top 25 most popular email domains.
Rank | Password | Frequency |
---|---|---|
1 | 123456 | 120,417 |
2 | 123456789 | 32,775 |
3 | qwerty | 22,770 |
4 | password | 17,471 |
5 | 1234567 | 14,401 |
6 | 1234567890 | 13,799 |
7 | 12345678 | 13,380 |
8 | 123321 | 13,161 |
9 | 111111 | 12,138 |
10 | 12345 | 11,239 |
11 | 123123 | 11,099 |
12 | 9-11-1961 | 10,444 |
13 | 9111961 | 10,231 |
14 | 000000 | 10,124 |
15 | 666666 | 9,264 |
16 | 555555 | 8,586 |
17 | 1q2w3e4r5t | 8,386 |
18 | 654321 | 8,358 |
19 | 1234 | 8,257 |
20 | gfhjkm | 7,773 |
21 | 7777777 | 7,659 |
22 | 222222 | 6,696 |
23 | cepetsugih | 6,603 |
24 | 777777 | 6,539 |
25 | 999999 | 6,428 |
Rank | Email Domain | Frequency |
---|---|---|
1 | @mail.ru | 5,028,220 |
2 | @yahoo.com | 4,714,314 |
3 | @hotmail.com | 4,520,434 |
4 | @gmail.com | 3,302,205 |
5 | @yandex.ru | 1,020,757 |
6 | @aol.com | 586,661 |
7 | @rambler.ru | 428,084 |
8 | @bk.ru | 374,855 |
9 | @list.ru | 291,403 |
10 | @inbox.ru | 260,957 |
11 | @hotmail.fr | 196,206 |
12 | @hotmail.co.uk | 193,357 |
13 | @msn.com | 188,220 |
14 | @live.com | 163,167 |
15 | @comcast.net | 145,737 |
16 | @yahoo.co.uk | 104,183 |
17 | @ymail.com | 99,358 |
18 | @yahoo.fr | 85,964 |
19 | @sbcglobal.net | 84,830 |
20 | @ukr.net | 78,879 |
21 | @yahoo.co.in | 72,953 |
22 | @web.de | 67,010 |
23 | @yahoo.co.id | 62,247 |
24 | @libero.it | 60,294 |
25 | @ya.ru | 57,080 |
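The indicators LeakedSource describes above (blank-entry markers left by browser password stores, plaintext passwords too strong to have been cracked from a hash on recently created accounts, and the password and email-domain frequency tables) can be computed from a dump by a short triage script. The following Python is an added example, not part of the original article and not LeakedSource's tooling: the `email:password:join_year` record format, the 2014 cut-off year, the sample records and the password-strength heuristic are all assumptions made for illustration.

```python
"""Triage a leaked credential dump: does it look like a server-side breach
or a client-side harvest (browser password store dump / keylogger)?
Added example with constructed data; not LeakedSource's tooling."""
from collections import Counter
import string

# Values a browser stores when the saved-password field was empty at login.
# The article reports "null" and "<blank>" as the markers seen in the dump.
BLANK_MARKERS = {"null", "<blank>", ""}

# Constructed sample dump in an assumed "email:password:join_year" shape.
SAMPLE_DUMP = """\
user1@mail.ru:123456:2011
user2@mail.ru:gfhjkm:2013
user3@yahoo.com:null:2015
user4@hotmail.com:<blank>:2016
user5@gmail.com:qwerty:2010
user6@yandex.ru:123456:2012
user7@mail.ru:Tr0ub4dor&3xYz!q:2016
user8@gmail.com:123456:2009
user9@rambler.ru:null:2014
"""


def parse_records(text):
    """Split dump lines into (email, password, join_year); join_year is None if absent."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        email = parts[0]
        password = parts[1] if len(parts) > 1 else ""
        year = int(parts[2]) if len(parts) > 2 and parts[2].isdigit() else None
        records.append((email, password, year))
    return records


def blank_marker_count(records):
    """Entries whose 'password' is a browser blank-entry marker rather than a secret."""
    return sum(1 for _, pw, _ in records if pw.lower() in BLANK_MARKERS)


def looks_uncrackable(pw):
    """Crude heuristic (assumption): at least 12 chars spanning all four classes.
    Such a password in plaintext is unlikely to have been recovered from a hash."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return len(pw) >= 12 and all(any(c in cls for c in pw) for cls in classes)


def uncrackable_recent_count(records, after_year):
    """Strong plaintext passwords on accounts created in or after after_year:
    a service would not store those in plaintext, so they point to the client side."""
    return sum(1 for _, pw, yr in records
               if yr is not None and yr >= after_year and looks_uncrackable(pw))


def top_passwords(records, n=25):
    """Frequency table of real passwords, blank markers excluded."""
    return Counter(pw for _, pw, _ in records
                   if pw.lower() not in BLANK_MARKERS).most_common(n)


def top_domains(records, n=25):
    """Frequency table of email domains, as in the breakdown above."""
    return Counter("@" + email.rsplit("@", 1)[1].lower()
                   for email, _, _ in records if "@" in email).most_common(n)


def triage(records, plaintext_unlikely_after=2014):
    """Summarise the client-side indicators and the frequency tables."""
    blanks = blank_marker_count(records)
    recent_strong = uncrackable_recent_count(records, plaintext_unlikely_after)
    if blanks or recent_strong:
        verdict = "client-side harvest (browser store / keylogger) more likely"
    else:
        verdict = "no client-side indicators; server-side breach not excluded"
    return {
        "records": len(records),
        "blank_markers": blanks,
        "uncrackable_recent": recent_strong,
        "top_passwords": top_passwords(records, 3),
        "top_domains": top_domains(records, 3),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(parse_records(SAMPLE_DUMP)).items():
        print(f"{key}: {value}")
```

Run against a real dump, the same functions would reproduce the two tables above; the blank-marker and strong-plaintext counts are the part of the analysis that distinguishes a browser-store harvest from a server breach, which is the question the frequency tables alone cannot answer.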