A hacker has put on sale more than 32 million Twitter login names and passwords.
The hacker, who is using the name Tessa88, is selling the list for a price of 10 bitcoins that is equivalent to £4,000, to anyone who wants to copy the list.
As of now, it is not yet clear if the list is genuine and how it has been compiled.
Some reports have suggested that the list is a compilation of data stolen from users by malware.
However, in a statement, Twitter has said it was “confident” that the data did not emerge from a breach of its network.
“We have very strong evidence that Twitter was not hacked, rather the consumer was,” said the company in its blog.
This sale of the Twitter data has come soon after huge amounts of login data from MySpace and Tumblr were widely shared.
In May, millions of records about LinkedIn credentials were offered for sale online.
Consumer hacked
Information about the twitter list emerged in a blog entry on the website of a company called Leaked Source.
Leaked Source has built a database of login data that has been stolen or leaked.
The report on the website said that the dataset shared with it by Tessa88 contained 32,888,300 records, each containing an email address, username and password.
This has been interpreted to mean that the list has been compiled using data stolen by a virus that returned it to whoever ran the campaign to infect people.
Leaked Source said it had verified a small number of the email accounts and passwords in the list as being genuine.
ZDNet said two staff members found on the list had verified that the password listed next to their name was accurate.
However, one other staffer said that their details were incorrect.
A breakdown of email addresses in the list showed that the majority of them were Russian accounts, with Russian email addresses constituting more than 7.4 million of the total number of login credentials in the list.
Forcible protection
Leaked Source said it had been contacted by Twitter’s security staff who would now “forcibly” protect users from the data in the list.
Separately, Twitter’s security boss Michael Coates confirmed that it was working with Leaked Source on using credential data in the list to help users.
He added,
“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached.”
In another statement, Twitter said it had been,
“working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks”.
