This morning, I got an (apparently legitimate) email from Twitter saying that there had been unusual activity on my account.
Interestingly, this email came in to an alias email that I used many years ago, and linked to a Twitter account I had created back in 2012 and never really used. I loaded up Twitter in the browser, logged in, and changed the password. I was prompted for the token provided in the email, so the email evidently was from Twitter. As I’ve not logged in to this account in several years, I wondered where this might have come from. So, I hopped over to Have I been Pwned? to check if there was anything new. The only loss that this email account is associated with is the XSplit breach (email addresses, hashed passwords, usernames, names) back in 2013. Back in the day I had quite poor password management, and used the same password for things that I didn’t really intend to use more than once. So, it seems likely to me that I had used the same email/password combination for these two out of laziness. Looking at details of the XSplit breach, it seems that hashed passwords were lost. A quick Google search filtering to just the past month shows some other people claiming that they have been hacked, and claiming that they use(d) XSplit. Contents of the dump appear to have been posted on nulled.cr back in November 2015, with the thread being quite active over the past week. So, my guess would be that someone has obtained a copy of the dump, has managed to break the encryption on the passwords, and is now trying the emails/passwords out. So, be warned if you used XSplit prior to 2013! It is also possible that this is a new-ish breach, but this seems more unlikely.