There are currently 2,649,875,832 / 3,109,103,084 accounts in our database.

June 8th, 2016

Preface

Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias "Tessa88@exploit.im", and has given us permission to name them in this blog.


LeakedSource is a search-engine capable of searching over 1.8 billion leaked records -- an aggregation of data from hundreds of disparate sources. We have been able to accumulate this data over a relatively short period of time through a combination of deep-web scavenging and rumor-chasing. Occasionally these efforts lead to major discoveries (e.g. Myspace.com, LinkedIn.com, Badoo.com), but we really aren't too picky. If we come across a leaked database from a company that most people haven't heard of, we will incorporate it into our master database just the same.


You may search for yourself in the leaked Twitter.com credentials by visiting our homepage.


Since embarking on this ambitious project just a handful of months ago, we have processed an unbelievable amount of data. Much more than we expected, more than most large companies will ever house -- and we're just getting started. LeakedSource may soon become synonymous with Big Data, so don't miss out!


Anyone may use the information on this page for free in any capacity provided LeakedSource is given credit and a link back.


LeakedSource does not engage in, encourage or condone unlawful entry ("hacking") into private systems.

Table of Contents

Summary

This data set contains 32,888,300 records. Each record may contain an email address, a username, sometimes a second email and a visible password. We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords.


The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter.


The proof for this explanation is as follows:

  • The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example.
  • There was a very significant amount of users with the password "<blank>" and "null". Some browsers store passwords as "<blank>" if you don't enter a password when you save your credentials.
  • The top email domains don't match up to a full database leak, more likely the malware was spread to Russians.


Also we triple checked, Mark Zuckerberg isn't in this data set. We have attempted to contact Twitter to provide them some more information but have not heard back yet. The lesson here? It's not just companies that can be hacked, users need to be careful too.

API

After the last breach we received many requests for API access, and we are launching a business API with a consumer one to follow in the near future. You can read about the API features at our API page.

Passwords

Passwords were stolen directly from consumers, therefore they are in plaintext with no encryption or hashing. Remember that Twitter probably doesn't store the passwords in plaintext, Chrome and Firefox did.


For subscribed LeakedSource users, we are only displaying the first 3 characters of passwords, with a form that will allow you to validate if yours was leaked until Twitter responds to us. Anybody can verify that this form does not transmit any password information to LeakedSource, the verification is done by your browser.


The following table shows the top passwords used by Twitter.com users affected by malware.


Rank Password Frequency
1 123456 120,417
2 123456789 32,775
3 qwerty 22,770
4 password 17,471
5 1234567 14,401
6 1234567890 13,799
7 12345678 13,380
8 123321 13,161
9 111111 12,138
10 12345 11,239
11 123123 11,099
12 9-11-1961 10,444
13 9111961 10,231
14 000000 10,124
15 666666 9,264
16 555555 8,586
17 1q2w3e4r5t 8,386
18 654321 8,358
19 1234 8,257
20 gfhjkm 7,773
21 7777777 7,659
22 222222 6,696
23 cepetsugih 6,603
24 777777 6,539
25 999999 6,428
26 112233 6,398
27 1q2w3e4r 6,178
28 888888 5,784
29 333333 5,772
30 qwerty123 5,666
31 iloveyou 5,443
32 exigent 5,355
33 159753 5,063
34 123qwe 4,934
35 abc123 4,816
36 qwertyuiop 4,797
37 1qaz2wsx 4,753
38 1q2w3e 4,493
39 qqww1122 4,244
40 pakistan 4,001
41 987654321 3,926
42 qwe123 3,597
43 samsung 3,351
44 q1w2e3r4 3,271

Emails

Simple table of top email domains. Clearly Russian consumers download bad things. 3,022 emails end in *.gov


Rank Email Domain Frequency
1 @mail.ru 5,028,220
2 @yahoo.com 4,714,314
3 @hotmail.com 4,520,434
4 @gmail.com 3,302,205
5 @yandex.ru 1,020,757
6 @aol.com 586,661
7 @rambler.ru 428,084
8 @bk.ru 374,855
9 @list.ru 291,403
10 @inbox.ru 260,957
11 @hotmail.fr 196,206
12 @hotmail.co.uk 193,357
13 @msn.com 188,220
14 @live.com 163,167
15 @comcast.net 145,737
16 @yahoo.co.uk 104,183
17 @ymail.com 99,358
18 @yahoo.fr 85,964
19 @sbcglobal.net 84,830
20 @ukr.net 78,879
21 @yahoo.co.in 72,953
22 @web.de 67,010
23 @yahoo.co.id 62,247
24 @libero.it 60,294
25 @ya.ru 57,080
26 @naver.com 50,417
27 @hotmail.it 48,639
28 @live.fr 48,179
29 @gmx.de 47,117
30 @rocketmail.com 46,162
31 @cox.net 43,500
32 @bellsouth.net 42,586
33 @hotmail.de 39,703
34 @rediffmail.com 38,585
35 @yahoo.com.br 36,880
36 @att.net 35,654
37 @live.co.uk 35,624
38 @verizon.net 33,651
39 @btinternet.com 31,914
40 @yahoo.de 27,588
41 @inbox.lv 26,478
42 @aim.com 26,325
43 @googlemail.com 25,507
44 @i.ua 24,779
45 @earthlink.net 23,475