Credentials of 32 Million Twitter Accounts Go on Sale on the Dark Web


Online security is one big issue and the accounts we register usually are secured with passwords. Since some of these accounts are personal, breaching them means a lot of personal information is in the mercy of a hacker or a group of hackers in another part of the world.

According to Zdnet, there is a Russian hacker who claims to be selling Twitter accounts in their millions on the dark web. An analysis by Leaked Source revealed that were able to determine that the data contains over 32 million records which either contain an email address, username and sometimes a second email and a visible password. Apparently, these accounts are for sale for 10 bitcoins, which is over $5,800

However, it was pointed out that it was highly unlikely that Twitter was breached but apparently the information was real since they asked 15 people to verify them and they all verified their passwords.

The explanation given could be that a lot of people were probably affected by malware which sent those saved usernames and passwords from popular browsers like Chrome and Firefox to hackers. The interesting news is the choice of passwords Twitter users have for their accounts. Unbelievably, 123456, 123456789 and qwerty occupy the first three spots in terms of frequency within the data set as provided by the publication.

Rank Password frequency
1 123456 120,417
2 123456789 32,775
3 qwerty 22,70
4 password 17,471
5 1234567 14401
6 1234567890 13,799
7 12345678 13,380
8 123321 13,161
9 111111 12,138
10 12345 11,239

There is also data of the top email domains contained in the leaked data set which includes popular free emails and apparently over 3000 emails that end in .gov which is quite concerning.

About the data breach, The Next Web obtained a statement from Twitter via a spokesperson:

We are confident that these usernames and credentials were not obtained by a Twitter data breach- our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.

If you want to check if your account is among the ones in the data leaked, you can head up to Leaked Source homepage and query on their extensive database.