Twitter has locked some accounts following reports that log-in details for millions of users were on sale.
On Thursday reports surfaced that a Russian hacker called Tessa88 was asking for 10 bitcoins (£4,000) for access to a list of 32 million names.
In a blogpost, Twitter said it was confident that the data had not come from a hack attack on its servers.
But after scrutinising the list, it had locked some accounts and users would need to reset their passwords.
"The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both," wrote Michael Coates, chief security officer at Twitter, in the blogpost.
Security firm Leaked Source, which first shared information about the list, said its analysis suggested the information came from PCs infected with data-stealing malware.
Twitter’s cross-checking of the list showed that some of the log-in data being offered was real, said Mr Coates, and led to the micro-blogging service locking those accounts and forcing a password reset.
He said Twitter had taken similar action in recent weeks as data from other breaches became publicly available.
He did not say how many of the supposedly stolen log-ins were legitimate or how many accounts had been locked.
Some security experts have expressed doubt about whether all the information in the list of 32 million log-in names is genuine.
Per Thorsheim, who advises companies about security and safe log-in procedures, said he was "sceptical" about the data but added that he had not had a chance to look through it himself.
"A 32 million leak doesn’t make sense," he said. "It could be a very old leak from when Twitter only had 32 million users, it could be a chunk of the full dataset from a recent breach or what I usually think - it’s just made-up junk."
Troy Hunt, who maintains an online repository of breach data, told technology news site Ars Technica that he too had his doubts about the list.
"I’m highly sceptical that there’s a trove of 32 million accounts with legitimate credentials for Twitter," he said. "The likelihood of that many records being obtained independently of a data breach and them being usable against active Twitter accounts is extremely low."
The sale of the Twitter list comes in the wake of a series of "mega-breaches" which have seen data stolen from companies many years ago now being widely shared. More than 600 million passwords feature in the massive data dumps.
Cyberthieves are keen to get at this data because many people reuse log-in names and passwords so finding a working combination on one service may unlock many others.