Over the last few weeks, we’ve seen a deluge of celebrities and public figures have their Twitter accounts hacked.
Katy Perry, Kylie Jenner, Jack Black — even billionaire tech entrepreneur Mark Zuckerberg isn’t safe.
And now a hack-tracking website says it has been alerted to a massive data dump containing 32 million Twitter logins, including usernames, logins, and passwords.
So has Twitter been hacked? In a word: No.
People keep making the oldest mistake in the book
“We’ve investigated claims of Twitter @names and passwords available on the ‘dark web,’ and we’re confident the information was not obtained from a hack of Twitter’s servers,” Twitter’s trust and information security officer Michael Coates wrote in a blog post on Friday.
So what happened? Where does all the data come from? From other, older breaches of other sites and services, Coates believes — or from malware capable of stealing passwords.
“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.”
The problem is that people keep using the same password for multiple accounts on multiple services, Twitter claims. Experts recommend that you use a different, strong password for each of your accounts. That way, if one site gets hacked, your other accounts remain perfectly safe.
But people don’t do this — they reuse the same passwords over and over, because it’s easier. And with hacks now a fact of life, it’s all but guaranteed that on a long enough time frame, one of the services you have an account with will be hacked.
Coates said that Twitter has been examining data from recent login data dumps and that it is, where necessary, forcing users to reset their passwords.
“In each of the recent password disclosures, we cross-checked the data with our records,” he writes. “As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”
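An added example, not code from Twitter or from the original article, of the kind of cross-check Coates describes: each leaked pair is tested against the stored salted hash, and only accounts whose current password matches are locked for reset. The scrypt storage scheme, the handles and passwords, and the split into "exposed" and "listed" outcomes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this sketch (not Twitter's real settings).
SCRYPT = dict(n=2**12, r=8, p=1, dklen=32)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)

def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}

def normalise(name: str) -> str:
    # Dumps list handles inconsistently: "@Name", "name ", "NAME".
    return name.strip().lstrip("@").casefold()

def cross_check(dump, accounts):
    """Return (exposed, listed) sets of handles.
    exposed: leaked password matches the current one -> lock, force reset.
    listed:  handle is in the dump but the leaked password is stale.
    """
    exposed, listed = set(), set()
    for raw_name, leaked_password in dump:
        name = normalise(raw_name)
        record = accounts.get(name)
        if record is None:
            continue  # not one of our accounts
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            exposed.add(name)
            record["locked"] = True
        else:
            listed.add(name)
    return exposed, listed - exposed

# Constructed sample data: hypothetical handles and passwords.
ACCOUNTS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
    "carol": make_record("S3parate-Pw!"),
}
DUMP = [("@Bob", "hunter2"), ("alice", "old-password-2012"),
        ("bob", "letmein"), ("mallory", "123456")]

if __name__ == "__main__":
    print(cross_check(DUMP, ACCOUNTS))
```

Because the stored hashes are salted per account, the dump has to be replayed entry by entry against each matching record; there is no single lookup table to compare against.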
Celebrities are making the same mistakes as the rest of us
Over the last few weeks, massive hacks from years ago have been making the news again — including those targeting MySpace and LinkedIn.
In June 2013, social network MySpace got breached, and 360 million user accounts were compromised. That user data appeared for sale online at the end of May this year. Likewise, LinkedIn was hacked back in 2012, with 167 million account details stolen. We also learnt the full scale of this hack in May, as the database became public.
In both instances, users’ passwords were encrypted to protect them — but not in a particularly strong way, meaning people have been able to crack the encryption and figure them out.
As a result, hackers have been able to use this login data to target and take over the accounts of celebrities like the singers Drake and Lana Del Rey.
These celebrities reused their passwords across multiple sites. Now it’s coming back to haunt them.