There is yet another hack for users of popular social media sites to worry about. More than 32 million Twitter credentials may have been stolen by hackers and are now being sold on the dark web.
LeakedSource, a site with a search engine of hacked information, said in a blog post that it received a copy of the user information from “Tessa88@exploit.im,” the same alias used by the person who gave it hacked data from Russian social network VK last week.
Other major security compromises which have hit the news recently include a Myspace hack that involved over 360 million accounts, possibly making it the largest one ever, and the leak of 100 million LinkedIn passwords stolen in 2012.
The new Twitter hack, which LeakedSource says has 32,888,300 records containing email addresses, usernames, and passwords, has been added to the site’s search engine, which is paid but lets people remove leaked information for free.
Based on information in the data (including the fact that many users had their passwords displayed in plaintext), LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome. Many of the affected users appear to be in Russia—six of the top 10 email domains represented in the database are Russian, including mail.ru and yandex.ru.
Even though Mark Zuckerberg got several of his non-Facebook social media accounts, including Twitter, hacked this week, his information wasn’t included in this data set. Zuckerberg was ridiculed for appearing to reuse “dadada” as his password on multiple sites, but results from LeakedSource’s data analysis shows that many people are much less creative. The most popular password, showing up 120,417 times, was “123456,” while “password” appears 17,471 times. An analysis of the VK data also turned up similar results.
TechCrunch has contacted Twitter for more information.