A recent blog post from LeakedSource has revealed that a cache of over 32 million Twitter credentials has been stolen and is now being leaked or sold on the Deep Web. The 32,888,300 stolen records contain e-mail address, usernames and passwords, so this is probably a great time for you to change your Twitter and email passwords. According to the source, the leaked accounts have been verified and they're 100% real, but security experts still have doubts.
For those of you who aren't familiar with the website, LeakedSource is a search engine which allows people to find out if their e-mail addresses or other accounts have been stolen and leaked on the Internet. Basically, the site contains a registry with all the stolen accounts that have been posted on the web (from the known leaks), and it cross-references your account by that registry to check if you're safe or not. While it would be easy to see why LeakedSource would make this up, the company's track record has been great so far, so I'm inclined to trust them on this one.
If you're wondering how the passwords were stolen, a Twitter spokesperson stated: "We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks." The fact that most of the stolen data is leaked as plain text indicates that the social network is probably right and that the hackers gathered the confidential data by infecting the victims' browsers. Most of the compromised accounts belong to Russian users, but they are not the only people affected by the leak.
If you're interested in your online security and privacy, you should also read some of our older articles such as: "Are Windows 10's privacy issues real?" or "How To Keep Yourself Safe On Social Networks".