Twitter Password leak, millions of passwords posted online - Webroot Commentary
David Kennerley, director of threat research at Webroot:
Another day, another report that social-media passwords are now for sale on the dark web. What makes this one stand out is that Twitter denies all claims. While the source of the dump continues to be investigated, users should be proactive– changing their Twitter password and any another online account passwords, where they have unwisely used the same password.
Password guidance is very mixed, but one piece of advice that everyone should agree on is using different passwords for the different sites visited, very few people actually do this. Many accounts now support login notifications, alerts regarding login attempts from new locations and devices, and two-factor authentication – activate such options where possible. Locally users should make sure their OS and 3rd party applications and plugins are patched and up-to-date, while using a trusted anti-malware solution is essential.
If you suspect your details have been compromised it is best to be overly cautious, as failing to take action can lead to a much bigger headache in the case of identity theft a precursor to financial loss.