Author: Ionut Arghire, Security Week
The cybercriminal behind the claimed Twitter leak is the same hacker who was previously attempting to sell stolen data from Myspace, Tumblr and VK user accounts, namely Tessa88@exploit.im. The Twitter credentials have already made it online on paid search engine for hacked data LeakedSource, which says it received a total of 32,888,300 records, each containing user’s email address, username, possibly a second email, and a password.
What is yet unclear is how old the supposedly leaked data is, since LeakedSource doesn’t provide specific details on that, although they do suggest that some credentials might be only a couple of years old. Furthermore, IT Security expertSorin Mustaca tells SecurityWeek that the manner in which these credentials were stolen isn’t that clear either.
“Interesting enough, Leakedsource writes that they “very strong evidence that Twitter was not hacked”, rather the users got infected with some malware which stole credentials directly from the browsers of any account, not only Twitter’s,” Mustaca says. “However, there is no clear evidence presented that this is indeed the case. Their explanation for malware stealing credentials from browser is not entirely valid.”
Although malware that targets browsers to steal user data is not unheard of, Mustaca explains that browsers store credentials encrypted, and that a master password is required to decrypt them. “Sometimes this password is the logged on user’s password, sometimes it is independent of the logged on user. But there is always a password,” he says.
According to Mustaca, the question that we need to ask ourselves is how the hacker ended up obtaining exactly Twitter accounts and the password in plain text. “And where are the other accounts?,” Mustaca also asks. If malware was indeed used to harvest these credentials, the attacker should have ended up with a whole lot of other user data as well, pertaining to other online services.
© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch