Russian Hacker Claims To Hold 32 Million Stolen Twitter Account Credentials

It may be time to update your Twitter password. A Russian hacker under the alias “Tessa88” claims to hold 32 million stolen Twitter account credentials and is selling the database for 10 bitcoins, or roughly $5,810 USD.

The hacker supposedly also has links to the recent breaches of LinkedIn and Myspace. Another Russian hacker claimed to have stolen passwords from Gmail and Yahoo in May. 

Password Thumbnail

LeakedSource argues that this was not a leak and that the supposed “hacker” is blowing smoke. LeakedSource claimed that out of the fifteen users they asked, all fifteen were able to verify their passwords. They insist that instead, “millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter.” Their reasoning is as follows:

  1. The join dates of some users with uncrackable plaintext passwords were recent. There is very little chance that Twitter still stores passwords as plaintext, however we browsers often do. 
  2. There was a very significant amount of users with the password ‘<blank>’ and ‘null’. Web browsers will store passwords as “<blank>” and “null” if they are not properly saved. 
  3. The top email domains do not match up to a full database leak. 
Some of the top passwords were “12345”, “qwerty”, and “password”. Some of the top domains were,, and Nearly 5 million accounts were reportedly leaked alone.

Twitter responded to this rumored leak, stating, “To help keep people safe and accounts protected, we've been checking our data against what's been shared from recent password leaks.”