Twitter freezes millions of accounts after passwords leaked
Twitter has locked millions of accounts after stolen passwords were put up for sale by Russian hackers, urging users to reset their passwords.
Password and email combinations stolen in attacks on LinkedIn, Myspace and several other websites have been used to hack into several high-profile Twitter accounts in recent days.
Although Twitter says it has not had a security breach itself, many of its users have been affected, with hackers able to access accounts using the passwords and email addresses stolen from LinkedIn or Myspace.
Since many people use the same passwords across websites, one website being hacked makes them vulnerable on other services.
Hackers have put millions of LinkedIn and Myspace passwords up for sale online in recent days, resulting in accounts on other services being affected. Facebook founder Mark Zuckerberg had his Twitter and Pinterest accounts compromised this week, while Twitter profiles of Katy Perry, Lana Del Rey and even Twitter’s co-founder Evan Williams were affected.
A Russian hacker then claimed to have put 33 million Twitter usernames and passwords up for sale this week after checking other password leaks against the service.
Twitter said it had cross-checked its own records with leaks of millions of passwords being sold on the dark web. If an account was found to be at risk, it has locked access and contacted the user asking them to reset their password. It said millions of accounts had been frozen.
“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner,” Twitter said.
“If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’ – then you have already received an email that your account password must be reset.
“Your account won’t be accessible until you do so, to ensure that unauthorised individuals don’t have access.”
It urged members to use extra security measures such as two-factor authentication, and to use different passwords across its services.