Accounts frozen as 33 million Twitter account logins go on sale

Social networking site Twitter has informed its users that their accounts are vulnerable to hacking after the usernames and passwords of almost 33 million its users were claimed to be stolen.

The leaked database, which accounts for a tenth of Twitter’s users, has been put up for sale by the hacker.

Twitter trust & information security officer Michael Coates said that the networking site has investigated the claims of usernames and passwords available on the "dark web," and remain confident that the details were not hacked from its servers.

The company said that the hacker may have used password and email combinations stolen from recent breaches to obtain purported usernames and passwords of Twitter users.

Coates said: "The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account."

Twitter said that it has locked a number of accounts after assessing that they need extra protection.

It has identified this by cross-checking its users’ records with each of the recent password disclosures.

Coates said: "If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the "dark web" – then you have already received an email that your account password must be reset.

"Your account won’t be accessible until you do so, to ensure that unauthorized individuals don’t have access."

Myspace and LinkedIn and others were also hacked in the past month to steal usernames and passwords of their users.

LeakedSource, a website that published the Twitter passwords, claims to have over 1.8 billion records in its database.

It said that it has received Twitter data from a user who goes by the alias Tessa88@exploit.im.

LeakedSource said: "Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data."

Twitter said using the same username and password on multiple sites could allow the attackers to take over users’ accounts easily.

Coates added: "The recent prevalence of data breaches from other websites is challenging for all websites – not just those breached."