Thousands of Twitter passwords exposed

(CNET) Twitter is investigating the release of what appear to be thousands of user account passwords and e-mail addresses.

Full coverage of Twitter at Tech Talk

"We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected," Twitter spokesman Robert Weeks told CNET in an e-mail. "For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center."

The user data, so vast that it took five Pastebin pages to post, was released yesterday and blogged about on Airdemon.net, putting the number of accounts affected at 55,000 or more. It's unclear who posted the data, and why.

Twitter challenges court order to hand over user data
Twitter resets passwords after phishing attack

Weeks disputed that estimate, noting that many of the passwords and accounts seemed like duplicates.

"It's worth noting that, so far, we've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended, and many log-in credentials that do not appear to be linked (that is, the password and username are not actually associated with each other)," Weeks said.

The list does seem a bit odd, with many passwords that appeared to be robust, and a separation between e-mail addresses and user IDs that hacker Adrian Lamo noted on Twitter wasn't representative of a typical password dump.

This article first appeared at CNET.