Twitter has said it isn't the source of a database containing 32,888,300 login details of its users, but that it is investigating.
The database, found by LeakedSource on dark web forums, contains one or two emails per user, their login name, and password, none of which is encrypted. LeakedSource has added the data to its database and says it is working with Twitter to find out more about the list's provenance.
"We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached," a Twitter spokesperson told The Reg.
"In fact, we've been working to help keep accounts protected by checking our data against what's been shared from other recent password leaks."
"We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users." — Michael Coates ஃ (@_mwc), June 9, 2016
So where did the database come from? It's possible it's a collection of logins harvested from computers infected with malware that scraped the passwords, and these have now been collated into a searchable database and put up for sale by some enterprising scumbag. Alternatively, the passwords could have been taken from another web service that was hacked, and people have been reusing their passwords with Twitter.
"We have very strong evidence that Twitter was not hacked, rather the consumer was," said LeakedSource. "These credentials however are real and valid. Out of 15 users we asked, all 15 verified their passwords."
Although full passwords aren't being published for the purloined accounts, the initial analysis of them makes for depressing reading – password creators are still showing less imagination than an Adam Sandler script writer when it comes to securing their login details.
By far the most common password was the oh-so original "123456" – followed by "123456789," "qwerty," and, of course, "password." However, over 10,000 people used "9-11-1961," which is odd since nothing of note happened on that day.
The bulk of the purloined data appears to have come from Russian Twitter users. The most popular email provider was @mail.ru, with @yandex.ru in fifth place behind @yahoo.com, @hotmail.com, and @gmail.com. ®