Twitter Locks Hacked Accounts, Denies Its Servers Were Breached

A recent report stating that 32 million Twitter accounts were hacked prompted Twitter to respond. The company denied that its servers have been hacked, but it said that the accounts that have had their passwords leaked will be locked anyway. Affected users will be prompted to reset their passwords.

Twitter said that considering it has seen no evidence of its servers being hacked, it believes that the 32 million leaked Twitter accounts may have been hacked with user credentials exposed in other data breaches or stolen by malware infecting users’ machines.

Many people reuse their passwords for other sites, which is why security experts recommend using a password manager with a strong master password as an alternative to reusing passwords or having to remember dozens of them.

Recently, it was reported that some hackers were trying to sell 117 million LinkedIn accounts that were obtained in the 2012 data breach. However, at the time, only 6.5 million accounts were posted online, so the breach was thought to be much smaller.

Twitter cross-checked the leaked accounts with its own database of users and identified which ones it can lock and prompt the users to reset their passwords. However, in many of these cases, it’s possible that people were using the same password for both their leaked email account and their Twitter account. This means that the new passwords could be obtained by the hackers, as well.

Twitter said that it takes security seriously and proved as much by adopting HTTPS for all of its services, and it uses bcrypt to hash passwords, which is an industry best practice. The company also uses other identifiers, such as location and login history, to determine whether there’s any suspicious behavior when someone tries to log in.

If you don’t want your Twitter account, or any other important service you may be using, to be hacked, then it’s best to use a password manager and to enable two-factor authentication (Twitter calls it login verification). Then, even if the password is stolen, and even if it wasn’t properly hashed by the service provider, the hacker still can’t get in without the second-factor code.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 
