Thousands of Twitter account passwords leaked (update: or not)

Elinor Mills at CNET digs into who leaked thousands of username/email/password sets yesterday, and what Twitter is doing about it.

Here are the Pastebin leaks, in case you want to check to see if your account was one of the ones published: one, two, three, four, five.

It's not entirely clear that this is the massive user data breach it was made out to be when first revealed.

A quick scan of the Pastebin dump (hell yeah, I checked for my own) shows that many of the listed accounts appear to be duplicates, and/or spambots or suspended accounts.

Further, the passwords are "stronger" than average: this link shows seemingly random alphanumeric strings, mixed case, 8 characters every single one. Wonder what the real story is.

If in doubt about your own account, you can always update your password.

Re: Allegedly exposed credentials: We're looking into the situation and have pushed out password resets to potentially affected accounts.

— Twitter Comms (@twittercomms) May 9, 2012

The list of alleged accounts & passwords consists of more than 20,000 duplicates. Also suspended spam accounts & incorrect login credentials

— Twitter Comms (@twittercomms) May 9, 2012