Several sources indicate that 32 million Twitter usernames and password combinations are currently being traded by hackers on the dark web. Twitter is currently dealing with the fallout from the reported leak and some users have already received notifications to reset their passwords. Michael Coates, the Trust and Information Security Officer for Twitter, stated that “We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.”

In a post on Twitter’s site, Coates added that the purported leak may have come as a result of “combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both.” Accounts which were identified by the company as at-risk as a result of the breach have been locked and require a password reset by the account owner. 

Due to a number of large-scale breaches in the past year, there has been an increase in account takeovers on sites not affected in the original breach. Since many users re-use their passwords across various sites, cybercriminals have been able to re-use the leaked passwords. Reddit, a popular social network, recently reset 100,000 user passwords for accounts which have been compromised by leaks for other sites, such as the 100 million recently disclosed credentials for LinkedIn. 

To increase security for your Twitter account, you can enable two-factor authentication on the social media site. Twitter’s login verification feature allows users to add a second check to the login process in addition to the password. 

To enable login verifications, login to your Twitter account, go to the “account settings” page, select “Security and privacy” on the left hand menu, and put a checkmark next to “Verify login requests.” To enable this feature, you’ll need to add your phone number to your Twitter account information. When this feature is enabled, you’ll need to provide a login code in addition to your account password when logging in. The login code will be sent to your phone via text message.