More than 32 million Twitter accounts are being sold for 10 Bitcoins

According to foreign media reports, more than 32 million Twitter login names and passwords are being publicly sold online.

A hacker going by the username Tessa88 is asking for 10 bitcoins (around £4,000) for the list.

It is unclear whether the list is genuine or how it was compiled, but there are reports that it was compiled by hackers using malware to steal user data.

In a statement, Twitter said it believed its site had not been hacked and that the data was in no way obtained from it.

Victims of the virus

The list was mentioned in a blog post on the website of a company called Leaked Source, which has built a database of stolen or leaked login information.

The company said the list shared with it by hacker Tessa88 included a total of 32,888,300 records, each of which listed a user's email address, username and password.

"We have strong evidence that Twitter was not hacked. However, its users were," the company said in a blog post.

This means that the list is compiled from data stolen by hackers using viruses. The person who spreads the virus uses the virus to infect network users, steal their relevant data, and transmit the data back to this person.

The company said that based on an analysis of the list, the login names and passwords were likely collected through the distribution of the virus.

Analyzing where most of the victims are located further proves that the data does not come from Twitter.

Leaked Source said it had verified a small number of the email accounts and passwords on the list and found them to be authentic. The technology blog ZDNet said two of its staff members also appeared on the list; they confirmed that the passwords listed next to their login names were correct. However, another staff member said the information on the list was inaccurate.

Analyzing the email addresses in the list, it can be found that many of the victims are Russian. In this list, there are as many as 7.4 million Russian email addresses.

Leaked Source said it was contacted by Twitter security staff immediately after it published a blog post about the stolen data, and that security staff were "vigorously" protecting Twitter users who appeared on the list.

Separately, Twitter security chief Michael Coates confirmed that the microblogging site is working with Leaked Source to use the information in the list to help affected users.

He added: "We have investigated reports of Twitter usernames and passwords and we are confident that our site has not been hacked."

In a separate statement, Twitter said it was "working to match our data to other recently reported breaches to help impacted users protect their accounts."

Troy Hunt, a security expert who runs a website that lets people check if their login names and passwords appear in the stolen data published online, expressed concern about the leak.

"There have been many serious hacking incidents recently. However, we cannot take it for granted and take it lightly," he said.

He suggested that if Twitter users use a simple password or use the same password for many other online services, they should change their Twitter password.

Previously, social networking site MySpace and microblogging site Tumblr also had a large amount of user data published online. And in May this year, millions of user login credentials of professional social networking site LinkedIn were also publicly sold online. (Lexue)