Twitter has forced a password reset on an unnamed number of accounts exposed this week in a dump of 32.8 million account names and credentials. A Russian hacker known as Tessa88 has been involved in a number of recent password disclosures with Twitter being the most recent. He shared the cache of Twitter data with LeakedSource, a service that offers subscribers a searchable database of credentials stolen in breaches. LeakedSource said it turned over the data from Tessa88 to Twitter for further analysis. According to Twitter’s Information Security officer, the Twitter accounts were identified for extra protection and for each of the recent password disclosures, the data were cross-checked. Accounts with direct password exposure were locked and require a password reset by the account owner. The officer also reaffirmed that Twitter was not breached and that the account names and credentials for sale on exploit[.]im were aggregated from other sources online.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street