Twitter accounts locked after 32 million logins offered online


A number of Twitter users have had their accounts locked by the company after a hacker claimed to be selling many millions of login details online.

A Russian hacker, who goes by the name Tessa88, is reported to have offered more than 32 million login details for Twitter online, apparently selling them for 10 bitcoins (around £4,000). The Russian has also been linked to the recent data leaks of LinkedIn, MySpace and Tumblr users.

Twitter itself has not been breached by the cybercriminal, but there have been mass data breaches lately after millions of account details for LinkedIn were leaked following a hack in 2012. Many people will have used the same password across different websites, and so hackers will be able to gain access fairly easily to a range of platforms, if they successfully got hold of a person’s LinkedIn account information.

The result is that Twitter has taken the decision to lock accounts where its own research has identified possible breaches, and emailed the owner telling them to change their password.

Twitter released a blog post in response, saying: “In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.

“If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’ – then you have already received an email that your account password must be reset.

“Your account won’t be accessible until you do so, to ensure that unauthorised individuals don’t have access.”

This latest data breach is a reminder that you should regularly change your passwords, and that you should use different passwords for different platforms. A combination of lower-case and upper-case letters should be used, as well as numbers and special characters. Avoid obvious, weak passwords, and don’t use proper words either.