Someone is selling 33 million Twitter passwords on the dark web

Twitter's account hacking woes aren't about to end any time soon. 

Days after a number of prominent Twitter accounts got hacked — including those belonging to musicians Katy Perry and Drake as well as Twitter co-founder Evan Williams — nearly 33 million Twitter usernames and passwords are being sold online. 

According to Leaked Source..

 a site that collects databases of stolen login credentials for a number of sites, the 32,880,300 Twitter credentials are being sold by a person identified by the alias Tessa88. Zdnet reported that the price Tessa88 is asking for the entire database (which allegedly contains 379 million records, but likely has many duplicates) is 10 bitcoins, or about $5,800 at the time of writing. 

Each record consists of one or two email addresses, username and password, but what's odd about this leak is that the passwords aren't encrypted at all. While this is bad news for users whose credentials are now available online (Leaked source says it checked the authenticity of the passwords with 15 users, all of which confirmed they were genuine), this indicates that they were not obtained by hacking Twitter or a third-party site. 

"The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," Leaked source wrote in a blog post Wednesday. 

Leaked source lets anyone search through its database of stolen login credentials, but we advise caution, as any email addresses or other info entered into the search field could be harvested for nefarious purposes. You can, however, check Leaked source's list of the most commonly used passwords from its Twitter database — if your password (on any site, not just Twitter) resembles anything on that list, you should probably change it as soon as possible.