Twitter on Friday announced it has reset an unspecified number of accounts after tens of millions of user credentials were discovered on the dark Web.
The microblogging service reiterated that the leak did not result from a hack of its servers.
Instead, the hackers amassed the stolen credentials by combining information from other recent breaches and via password-stealing malware on victims’ machines.
“Regardless of origin, we’re acting swiftly to protect your Twitter account,” Twitter Trust and Information Security Officer Michael Coates wrote in a blog post.
Twitter’s security team cross-checked the information from this and other recent leaks with the company’s records and identified “a number” of accounts with exposed passwords.
Twitter has locked all affected accounts; if yours is among them you should have already received an email, and will need to reset your password.
The site also recommends that users enable login verification, its two-factor authentication tool.
Coates called this “the single best action you can take to increase your account security.”
Other actions you can take: set up a strong password and don’t reuse it on other websites, and consider using a password manager such as 1Password or LastPass to ensure you’re using strong passwords everywhere.
“The recent prevalence of data breaches from other websites is challenging for all websites — not just those breached,” Coates wrote. “Attackers mine the exposed username, email and password data, leverage automation, and then attempt to automatically test this login data and passwords against all top websites.
If a person used the same username and password on multiple sites then attackers could, in some situations, automatically take over their account.”