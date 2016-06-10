TWITTER has notified millions of users that their accounts are at risk of being taken over after a database containing nearly 33-million purported usernames and passwords for the social-blogging service was made public on Wednesday.

The database is the latest in a string of leaks in the past month affecting users of LinkedIn, Myspace and several Russian-language sites. The website that published the Twitter passwords, LeakedSource, says it has more than 1.8-billion records in its database. LeakedSource sells access to these records for a fee.

Twitter declined to specify how many users it had notified, but confirmed that the total was in the millions. It is forcing those users to change their passwords. Millions more of the alleged records were not valid, the company said.

Michael Coates, Twitter’s trust and information security officer, said the company is "quite confident" that the records were not stolen from Twitter’s computers. There is "no indication that we have been compromised", he said.

For its part, LeakedSource said it had "very strong evidence that Twitter wasn’t hacked, rather the consumer was". Both Mr Coates and LeakedSource pointed to formatting techniques suggesting the database may have been assembled by capturing information from previously hacked computers.

LeakedSource did not respond to requests for additional comment. It says on its website that it does not engage in, or encourage, hacking.

The multiple leaks may have been connected to the takeovers of several high-profile Twitter accounts in recent days. On Tuesday, the National Football League’s Twitter account was taken over and used to incorrectly announce the death of NFL Commissioner Roger Goodell. The next day, the account of Twitter co-founder Evan Williams was compromised.

The hacks primarily affect computer users who use the same password for multiple accounts and who don’t use additional security measures such as text-message notifications when someone tries to access an account from a new computer. On Sunday, hackers used a password from a 2012 LinkedIn breach to take over Mark Zuckerberg’s Twitter account. Monday, German software company TeamViewer said that criminals were using this data to take over the accounts of some of its customers.

LeakedSource said in its blog post that it had obtained the Twitter data from someone using the alias Tessa88@exploit.im, which also supplied the LinkedIn and Myspace data. It is not clear if that is one person or a group, and whether it represents the person or people who hacked into those systems.

Alex Holden, the chief information security officer with Hold Security, a company that investigates data breaches, said he believes the person or people using the "Tessa88" account are merely reselling the information.

"When somebody is coming out who is starting to sell old stuff — and yet extremely potent — in such quantities, the question is how they got it," he said.

Myspace says it is still trying to figure out where its user data came from. LinkedIn says its database — containing more than 100-million passwords — came from a 2012 breach of its corporate network.

Mr Holden said hackers were likely to be using the leaked information to prod other accounts — banking or air-mile accounts, for example — to see if they could find places where the passwords in the databases had been reused, he said.

