LeakedSource has published a searchable database that has the credentials of millions of user accounts from different social networks on the web. The latest addition to the leaked database of user credentials is claimed to be a massive leak of Twitter user data.
LeakedSource says that users who search and find their own twitter information in the database can have it removed for free. The current data set has 32,888,300 records with each record containing an email, username, and some entries have a second email and visible password. LeakedSource claims that “very strong” evidence suggests that the users were hacked not Twitter.
The personal hacks are believed to have been caused by malware on computers where saved passwords from Chrome and Firefox were sent to hackers from all websites that the user had visited. Evidence appears to show that the malware was spread predominantly to Russian users. LeakedSource notes it only shows the first three characters of passwords along with a form that allows users to verify if they have been leaked.
A list of the top passwords shows that many users are still using insanely simple passwords with no security whatsoever. The most frequent twitter password in the database is 123456. The largest email domain of the hacked users is @mail.ru with the next three being yahoo.com, hotmail.com, and gmail.com. While not in the top email domains list, the site notes that there are over 3,000 .gov email addresses. One takeaway here is that it’s not only companies that have to worry about hackers; individuals can be easily hacked and in many cases much more easily hacked than major companies. Beware what you download; malware can steal all your passwords.