Malware harvesting stored credentials exposed 32 million Twitter accounts

A data set with more than 32 million Twitter accounts is up for sale, and according to those who have examined the data, the source of the records appears to be malware that’s harvested credentials stored in Chrome or Firefox.

The data, according to ZDNet, is being sold for 10 BTC, or roughly $5,800. Though the collection is 379 million records, the actual count is 32 million once duplicates are removed.

LeakedSource examined the data on Wednesday and says the likely explanation is that tens of millions of people were infected by malware that harvested Twitter credentials in the victim’s browser.

Part of the reason for this conclusion is that many of the password fields registered “” or “null” which is what happens when usernames are stored in the browser, but the user doesn’t enter a password. The other point of evidence is the fact the passwords are presented plaintext, a formatting that Twitter doesn’t use.

Of the accounts in the data set, five million of them are from Russia, followed by Yahoo, Hotmail, and Gmail. Half of the top ten domains are Russian, suggesting that most of the infected users are located in the region.

On Monday, Twitter said that they’ve been checking their data against the hundreds of millions of recently leaked records from MySpace, LinkedIn, Badoo, and VK. It’s almost assured that anyone on this most recent list will be flagged and have their account reset.