MANILA, Philippines – Twitter is investigating claims that username and password combinations for the microblogging service have been taken from the service and are being leaked on the dark web.

In a statement on Friday, June 10, Michael Coates, Twitter’s Trust and Information Security Officer, said the company was “confident the information was not obtained from a hack of Twitter’s servers.”

Instead, the username and password combinations may have been taken from information combed from other recent breaches, malware on victim machines, or a potentially harmful combination of the two.

The Wall Street Journal added in its report that around 33 million accounts may have been affected.

Twitter, meanwhile, did not give a specific number, but confirmed that “millions” of accounts are affected. The company added millions of additional passwords were invalid.

It also noted that LeakedSource, the website publishing the Twitter passwords and which sells access to these records for a fee, said it had more than 1.8 billion records in its database.

Twitter has locked those accounts “with direct password exposure,” and will require a password reset from the owner of the account to unlock. Twitter also recommended enabling login verification or two-factor authentication on Twitter accounts to increase account security. 

The news follows reports of notable celebrities and personalities’ Twitter accounts being accessed.

Mark Zuckerberg’s Twitter account, for example, was accessed by a group known as OurMine Team. The group claimed it acquired the passwords for Zuckerberg’s Twitter account (as well as his Pinterest account) from a recent LinkedIn password dump. – Rappler.com