The account credentials of millions of Twitter users have been dumped online. They were posted on hacked data aggregator LeakedSource on Wednesday evening, prompting anxiety among users of the social media platform and across the digital media industry.
Commenting on the matter to media, Twitter security executive Michael Coates said the company is confident that the records were not stolen from Twitter’s servers directly, and Wired quotes digital security firm Rendition InfoSec’s Jake Williams as guessing that the compromised accounts are the product of “users who share passwords among sites with less secure password storage practices.” It’s also not clear how many users have been affected by this security issue; LeakedSource is offering the credentials of over 32 million accounts, but Twitter has confirmed only that ‘millions’ of users have been affected, and has urged individuals to be skeptical of any claims to hacked data, noting that ‘nefarious individuals’ sometimes overstate their access to credentials in order to gain leverage when trying to sell such information.
Nevertheless, the incident may spur many users to take advantage of Twitter’s two-factor authentication feature, which uses SMS messaging for verification of account logins. It may even push Twitter to start exploring FIDO certification, or even biometric authentication, in order to enhance users’ security options going forward. At the very least, it should help to raise awareness about digital threats among everyday social media users.