The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
49°F
Current Conditions
Scattered clouds
View complete weather report
Subscribe now

Twitter freezes some accounts after millions of credentials appear online

By Levi Sumagaysay Tribune News Service

Amid reports that more than 32 million Twitter logins and passwords are for sale online, the company on Friday said it was not attacked, but that it had to freeze some accounts.

“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both,” Michael Coates, trust and information security officer, wrote in a blog post dated Friday.

Coates said the San Francisco microblogging company has notified users whose “accounts were identified for extra protection,” and some users were asked to reset their passwords. He did not say how many were affected, but the Wall Street Journal reports that the number is in the millions.

Earlier this week, a data set containing nearly 33 million purported Twitter credentials was published on the website of LeakedSource, which calls itself “a search engine capable of searching over 1.8 billion leaked records” from “hundreds of disparate sources.”

Reported high-profile Twitter account hacks and takeovers this week include those of Facebook CEO Mark Zuckerberg, the National Football League – which falsely tweeted that NFL Commissioner Roger Goodell had died – and Twitter co-founder Evan Williams.

In its blog post, Twitter urged users to take steps to help secure their accounts, including enabling login verification and using strong passwords. The company also noted that its pain is a shared pain – other websites are dealing with security issues.

They include LinkedIn, which last month disclosed that fallout from a 2012 data breach has not gone away – the data of a purported 100 million members was recently released.

“The recent prevalence of data breaches from other websites is challenging for all websites – not just those breached,” Coates wrote. “Attackers mine the exposed username, email and password data, leverage automation, and then attempt to automatically test this login data and passwords against all top websites.”