Twitter has broken its silence on reports that millions of usernames and passwords of users of the microblogging platform are now available on the dark web.
On 8 June, news emerged that hackers had accessed millions of Twitter credentials.
In an official blogpost, the microblogging platform reassured that the leaked information was not obtained from its servers. The post reads:
"Over the past days and weeks we've responded to several issues, including reports of leaked Twitter @names and passwords as well as potential collateral damage from the numerous breaches of other websites."
It further added, "....we've investigated claims of Twitter @names and passwords available on the "dark web," and we're confident the information was not obtained from a hack of Twitter's servers".
"The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we're acting swiftly to protect your Twitter account".
"In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner."
What can you do?
Twitter advises, "If your Twitter information was impacted by any of the recent issues - because of password disclosures from other companies or the leak on the "dark web" - then you have already received an email that your account password must be reset. Your account won't be accessible until you do so, to ensure that unauthorised individuals don't have access."
Here's how you can keep your Twitter account safe
- Enable login verification (eg two factor authentication). This is the single best action you can take to increase your account security.
- Use a strong password that you don't reuse on other websites.
- Use a password manager such as 1Password or LastPass to make sure you're using strong, unique passwords everywhere.