Twitter Downplays Breach That Exposed Passwords

Published: 22/11/2024   Category: security




Nearly 60,000 Twitter usernames and passwords released via Pastebin, but social networking service says half are for blocked spam accounts or duplicates.



Tens of thousands of Twitter users' email addresses and passwords have been dumped online.
The leaked information, comprising 58,978 username and password combinations, appeared Monday on Pastebin. While Twitter said that it's investigating the breach, it's also downplayed the supposed size and severity of the data dump.
"We are currently looking into the situation," said spokeswoman Rachel Bremer via email. "It's worth noting that, so far, we've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended, and many login credentials that do not appear to be linked (that is, the password and username are not actually associated with each other)."
Most hackers dumping data on Pastebin only divulge a subset of their data, then link to a torrent file for anyone who wants to download the entire data set. But in this case, whoever posted the data simply pasted the information across five different Pastebin posts. (Links: one, two, three, four, and five.) That was necessary since Pastebin imposes a 512 Kb limit on each post.
While Twitter is continuing its investigation, the company said it's already contacted affected users. "We have pushed out password resets to accounts that may have been affected," said Bremer. "For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center."
Still, few Twitter users would have been affected by the breach. Based on Twitter's estimate of the number of invalid accounts contained in the data dump, and with the social network claiming to now have over 140 million active users, the breach would have affected about 0.02% of its user base.
Who leaked the Twitter account credentials, and why? Thanks to the Pastebin poster remaining anonymous, and no group stepping forward to take credit, that's not clear. But it's quite possible that the leaked credentials were gathered via phishing attacks, which would have tricked users into divulging their details. If so, that would exonerate Twitter and its information security practices.
That question is relevant because last year, as part of its settlement with the Federal Trade Commission, Twitter agreed to improve its information security practices, undergo regular information security audits for 10 years, and avoid making any misleading statements about the effectiveness of its security or privacy practices for the next 20 years.
The settlement stems from an FTC charge that the social network deceived consumers and put their privacy at risk by failing to safeguard their personal information, after hackers in 2009 twice gained full administrative control of the Twitter site.
As part of the settlement, which was first fielded by the FTC in 2010, Twitter agreed to designate employees to coordinate--as well as be accountable for--its information security and privacy programs. Twitter also agreed to put in place reasonable safeguards to mitigate any information security risks it identified, and to store data securely. But by the time the settlement was announced last year, Twitter said it had added almost all of the required security improvements.
