After about 32 million Twitter account credentials leaked on the darkweb, the microblogging site has finally taken action in response to the reported hacks, by hacking a number of accounts on its platform.
In a blog post, Twitter announced that it has locked accounts that had their passwords available in plain text, and the same will remain locked until the owners reset their passwords. Twitter re-confirmed that its servers were not breached by the perpetrators, and the passwords may have been gathered by combining information from other breaches or malware on the victims' devices.
Although Twitter hasn’t directly blamed data leaks on any other site, it has mentioned, “When so many breaches are announced in a short window of time, it may be natural to assume that any mention of “another breach” is true and valid. Nefarious individuals leverage this environment in order to either bundle old breached data or repackage accounts from a variety of breaches, and then claim they have login information and passwords for website Z. We take security concerns seriously, and investigate issues as they arise, but everyone should also scrutinize the merits of any credential claim. We’re always focused on the issues that present a real threat to account security.”
Twitter has also suggested securing accounts by using a Two-Factor authentication method along with Password Managers, so that strong and unique passwords are used uniformly. Security is paramount these days, and with people having accounts on multiple online platforms, it gets tedious for the end-user to keep track of all passwords and change them simultaneously, in case of severe breaches.