Twitter users should be aware that over 32 million login credentials are no being sold on the dark web despite the company saying that their systems were not breached at all.
While Twitter does believe that there was no data breach on their end, the login credentials were still taken through another way. The hackers have not disclosed how they were able to snatch 32,888,300 records that include passwords, usernames and email addresses.
Leaked login credentials search engine LeakedSource allows users to check if their email addresses were part of the recent leaks. The user information was sent to them by "Tessa88@exploit.im," TechCrunch reported.
Twitter's spokesperson said in a statement: " We are confident that these usernames and credentials were not obtained by a Twitter data breach - our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks."
LeakedSource believes that the hackers were able to amass that much data by infecting the users' browsers with a malware. It would be possible considering that the data was not directly stolen from Twitter themselves.
Tessa88 is asking whoever is interested in the data for 10 bitcoins or roughly $5800, Mashable reported. All in all, the stolen database contains 379 million records most of which could just be duplicates of one another.
"Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data," LeakedSource said in their official blog post.
Most of the users in the stolen database are located in Russia. Tessa88 was also the one who leaked the database from the VK Russian social network several days ago.
Another interesting find is the passwords that were found in the database were too common and weak. The password "123456" even showed up more than 120000 times.
Twitter users can change their passwords any time in order to feel safe from the hack. They can also check their email address if it was part of the recent hacks on the LeakedSource search engine.