Stolen Twitter logins put on sale
More than 32 million Twitter login names and passwords are reportedly being offered for sale online.
A hacker using the name Tessa88 is asking for 10 bitcoins (£4,000) from anyone that wants to copy the list.
It is not yet clear whether the list is genuine or how it has been compiled. Some reports suggest it brings together data stolen from users by malware.
In a statement, Twitter said it was “confident” that the data did not emerge from a breach of its network.
Information about the list emerged in a blog entry on the website of a company called Leaked Source, which has built a database of login data that has been stolen or leaked.
It said the dataset shared with it by Tessa88 contained 32,888,300 records – each one of which listed an email address, username and password.
“We have very strong evidence that Twitter was not hacked, rather the consumer was,” said the company in its blog.
This has been taken to mean that the list has been compiled using data stolen by a virus that returned it to whoever ran the campaign to infect people.
Analysis of information supplied with the dataset suggested it had been gathered this way, said Leaked Source.
Other information, such as a breakdown of where most victims live, provided further evidence that it had not come from Twitter, it added.
Leaked Source said it had taken steps to verify a small number of the email accounts and passwords in the list were genuine. ZDNet said two staff members found on the list verified that the password listed next to their name was accurate but one other staffer said their details were incorrect.