Twitter said it had locked down and called for a password reset of some accounts after an unconfirmed claim of a leak of nearly 33 million usernames and passwords to the social network.
The company said the information was not obtained from a hack of its servers, and speculated that the information may have been gathered from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both.
“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner,” Twitter’s Trust & Information Security Officer, Michael Coates said in a blog post on Friday.