The recently leaked database containing nearly 33 million Twitter login credentials, including passwords in plain text, is definitely the real deal.
In a blog post Friday, Twitter confirmed it started warning users whose accounts may have been affected, as well as locking some accounts and sending a password reset request to the account owners.
Twitter maintains the stolen passwords were not the result of a hack, but have rather been “amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both.”
The post doesn’t say how many users were affected; only that “a number of Twitter accounts were identified for extra protection.” However, Twitter confirmed to the Wall Street Journal that the number is “in the millions.”
Leakedsource, a site that collects stolen login credentials and puts them in an online database, said Wednesday this particular leak contains 32,880,300 Twitter credentials.
The leak follows a string of high-profile Twitter accounts being hacked, including those belonging to Katy Perry, Drake, Mark Zuckerberg and Evan Williams. It’s hard to say whether those hacks are related to this latest password leak; a recently unearthed stash of LinkedIn usernames and passwords, dating from 2012, could also be to blame as many users tend to use the same password on multiple sites.
To protect your social accounts from hackers, you should follow a few simple rules: Use a password that’s hard to guess or crack, never use the same password twice, and use two-factor authentication whenever possible. Here’s our detailed post on the subject.