The latest data breach follows a period of incessant and destructive attacks by hackers on major social media platforms. Back in April, a number of Spotify accounts were hacked and were made available on Pastebin. User account details stolen by hackers from Spotify include e-mail addresses, usernames, passwords and type of accounts. Just like Twitter, Spotify lashed out at such reports and claimed that it had not been hacked and that all user accounts were secure. However, a lot of Spotify users had written to TechCrunch, claiming that their accounts were hacked.
Spotify user data hacked and exposed on Pastebin
Earlier today, a breach notification website named LeakedSource revealed that as many as 32,888,300 Twitter accounts along with usernames, e-mail accounts and passwords were available on the dark web for all to see. The website uploaded a copy of the data in its searchable pages to prove that its claims were verifiable and has also verified the leaked credentials with fifteen Twitter users. However, Twitter is adamant.
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.— Michael Coates ? (@_mwc) June 9, 2016
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.
"We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leak," a Twitter spokesperson told Tech Crunch.
Twitter's claims must be legitimate as the leaked passwords appeared in plain text and the company doesn't follow the practice of saving passwords in plain text. LeakedSource admitted to the fact that the source of the leak may not be Twitter itself.
We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.— Michael Coates ? (@_mwc) June 9, 2016
We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.
"Passwords were stolen directly from consumers, therefore they are in plaintext with no encryption or hashing. Remember that Twitter probably doesn't store the passwords in plaintext, Chrome and Firefox did," said LeakedSource.
Firefox browser lets you preserve your browsing history from third parties
"The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example. The top email domains don't match up to a full database leak, more likely the malware was spread to Russians," the site added. At the moment, Twitter is working with LeakedSource to obtain leaked credentials and is taking additional steps to protect users.
If the issues lies within browsers instead of social networking apps, then it would be wise not to allow browsers to save passwords or usernames. With hacker getting access to the latest tools to overcome security settings, we have witnessed a large number of systematic hacks as well as access-denying DDoS attacks on major websites and services like BBC, Ashley Madison, V-Tech, Hello Kitty and servers of Oxford and Cambridge universities in the last one year.