TWITTER has locked some accounts following reports that log-in details for millions of users were on sale.
On Thursday reports surfaced that a Russian hacker called Tessa88 was asking for 10 bitcoins (£4,000) for access to a list of 32 million names.
In a blogpost, Twitter said it was confident that the data had not come from a hack attack on its servers.
But after scrutinising the list, it had locked some accounts and users would need to reset their passwords.
“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both,” wrote Michael Coates, chief security officer at Twitter, in the blogpost.
Security firm Leaked Source, which first shared information about the list, said its analysis suggested the information came from PCs infected with data-stealing malware.