According to reports by LeakedSource, a site that indexes hacked login credentials from data breaches, Twitter login credentials were being sold on the Darknet. The blog stated that they received a database containing 32 Million Twitter login credentials.
Based on the information available, the site adds that the credentials were stolen by browser malware, rather than breaching Twitter’s database, because of the fact that most of the stolen passwords are in plain text. Also it seems that majority of the people who have been breached are from Russia, as 6 of the top 10 email domain names belonged to the country.
To help keep people safe and accounts protected, we've been checking our data against what's been shared from recent password leaks.— Twitter Support (@Support) June 6, 2016
Michael Coates, Trust and Information Security officer of Twitter, Tweeted that Twitter's systems haven’t been breached. He later added in another tweet, “We securely store all passwords w/ bcrypt,” confirming that they store password after hashing, which is a good practice from a security standpoint.
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.— Michael Coates ஃ (@_mwc) June 9, 2016
The real danger from this is for people who usually re-use their passwords in multiple online sites. Recently, Mark Zuckerberg had a couple of his online account hacked because he had re-used his password, which leaked in the LinkedIN Data breach. This should be a lesson for web users to use strong passwords & to reset their passwords in the event of a data breach. Also, it is recommended to use features like Two Factor Authentication to ensure safety of personal data .