June 8th, 2016

Preface

Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias "[email protected]", and has given us permission to name them in this blog.

LeakedSource is a search-engine capable of searching over 1.8 billion leaked records -- an aggregation of data from hundreds of disparate sources. We have been able to accumulate this data over a relatively short period of time through a combination of deep-web scavenging and rumor-chasing. Occasionally these efforts lead to major discoveries (e.g. Myspace.com, LinkedIn.com, Badoo.com), but we really aren't too picky. If we come across a leaked database from a company that most people haven't heard of, we will incorporate it into our master database just the same.

You may search for yourself in the leaked Twitter.com credentials by visiting our homepage.

Since embarking on this ambitious project just a handful of months ago, we have processed an unbelievable amount of data. Much more than we expected, more than most large companies will ever house -- and we're just getting started. LeakedSource may soon become synonymous with Big Data, so don't miss out!

Anyone may use the information on this page for free in any capacity provided LeakedSource is given credit and a link back.

LeakedSource does not engage in, encourage or condone unlawful entry ("hacking") into private systems.

Table of Contents

• Preface
• Summary
• API
• Passwords
• Emails

Summary

This data set contains 32,888,300 records. Each record may contain an email address, a username, sometimes a second email and a visible password. We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords.

The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter.

The proof for this explanation is as follows:

• The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example.
• There was a very significant amount of users with the password "<blank>" and "null". Some browsers store passwords as "<blank>" if you don't enter a password when you save your credentials.
• The top email domains don't match up to a full database leak, more likely the malware was spread to Russians.

Also we triple checked, Mark Zuckerberg isn't in this data set. We have attempted to contact Twitter to provide them some more information but have not heard back yet. The lesson here? It's not just companies that can be hacked, users need to be careful too.

API

After the last breach we received many requests for API access, and we are launching a business API with a consumer one to follow in the near future. You can read about the API features at our API page.

Passwords

Passwords were stolen directly from consumers, therefore they are in plaintext with no encryption or hashing. Remember that Twitter probably doesn't store the passwords in plaintext, Chrome and Firefox did.

For subscribed LeakedSource users, we are only displaying the first 3 characters of passwords, with a form that will allow you to validate if yours was leaked until Twitter responds to us. Anybody can verify that this form does not transmit any password information to LeakedSource, the verification is done by your browser.

The following table shows the top passwords used by Twitter.com users affected by malware.

Emails

Simple table of top email domains. Clearly Russian consumers download bad things. 3,022 emails end in *.gov