Hacker sells login credentials to 33 million Twitter users for ten bitcoins

A hacker claims to be in possession of millions of login data from Twitter accounts and sells them for ten bitcoins, which is currently about 5100 euros. After analysis by LeakedSource, it appears that this concerns 32.8 million accounts.

ZDNet reports that a hacker “with connections to the recent LinkedIn, MySpace and Tumblr hacks” and known as “Tessa88” in a chat claimed to have had the Twitter data since 2015. The site LeakedSource analyzed the database and concluded that the data did not come from a data breach at Twitter, but was obtained from users through malware. This malware allegedly stole the credentials directly from the browser, where they were stored unencrypted, according to the site.

The hacker claims to have 379 million account details, but Leaked Source says that without duplications, it concerns 32.8 million unique accounts. Twitter claims to have around 310 million active users each month. The data concerns e-mail addresses and unencrypted passwords. These have been verified by LeakedSource on 15 different users. ZDNet has also checked a number of passwords.

Security researcher Troy Hunt stays skeptical, stating that there is no reason to believe this data is real just because several major sites were recently found to have data breaches. In a message to ZDNet, a Twitter spokesperson referred to the recent hacks and emphasized the importance of users using unique passwords.