A Russian seller with the username "Tessa88" claimed to have the database of usernames, emails and passwords for 32 million accounts, according to ZDNet. The asking price was 10 bitcoins, or about $5,773, as of this writing. The seller noted they acquired the database in 2015 as part of a larger haul of 379 million accounts, far more than Twitter's 310 million monthly users, though that could include dormant ones.
In a prepared statement, a Twitter spokesperson denied that its systems had been hacked, and that the company has "been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks." Twitter's trust and info security officer tweeted last night that the company is confident that its systems weren't breached.
Instead, the accounts were probably acquired by malware that copied passwords and usernames entered while browsing in Chrome or Firefox, according to LeakedSource. After filtering out duplicates, their analysis of the database confirmed 32 million purported accounts.
There's probably no cause for alarm unless your password is weak, said Microsoft regional director and MVP for developer security Troy Hunt: