Twitter Resets Passwords After Stolen Data Appears Online

Twitter has locked all affected accounts; if yours is among them you should have already received an email.

Twitter announced today that it has reset an unspecified number of accounts after tens of millions of user credentials were discovered on the Dark Web.

Last week we saw how a hacker had obtained 171 million user accounts associated with social networking giant, VK.com, he largest European online social networking service with over 350 million users.

Today, Twitter reiterated that the leak did not result from a hack of its servers. Instead, the hackers amassed the stolen credentials by combining information from other recent breaches and via password-stealing malware on victims' machines.

"Regardless of origin, we're acting swiftly to protect your Twitter account," Twitter Trust and Information Security Officer Michael Coates wrote in a blog post.

Twitter's security team cross-checked the information from this and other recent leaks with the company's records and identified a number of accounts with exposed passwords. Twitter has locked all affected accounts; if yours is among them you should have already received an email, and will need to need to reset your password.

"The recent prevalence of data breaches from other websites is challenging for all websites — not just those breached," Coates wrote. "Attackers mine the exposed username, email and password data, leverage automation, and then attempt to automatically test this login data and passwords against all top websites. If a person used the same username and password on multiple sites then attackers could, in some situations, automatically take over their account."

Source