A total of 34.062 unique accounts where leaked Eset reports and the reporter has cross referenced the list with the LulzSec leak back in 2011 and the accounts that have an e-mail in them seem to have come from the LulzSec leak but the rest are fresh.
Many more accounts have surfaced on pastebin with lists containing 10k + accounts, we are not sure if these two leaks are related/the same accounts. We are still not sure who has released these accounts.
There are two kinds of accounts in the list, ones with a user name (e.g. “Hayleyjsvze”), and ones with an e-mail (e.g. “[email protected]”). On Twitter, you can login with either your user name, or your e-mail, so that could be the reason there are two different kinds.. or?
Of the 34.062 unique accounts, 25.068 accounts seems to be an e-mail address. Those accounts look “real”. They all seem to have “regular” passwords (easier words, numbers). The rest of the accounts, the ones that aren’t based on an e-mail address, all seem to be spam-accounts. They have a few, if any, posts, following many others, but very few followers of their own. And they all have random 8 character passwords..
Now, looking back to the real accounts, here are some statistics from the e-mails used for the accounts:Total number of accounts: 34.062 Total number of e-mails: 25.068 (where a few are incorrect, or contain typos) Domain "hotmail.com": 15,777 Domain "gmail.com": 2,193 Total NOT using ".com": 6,046 (but a handful of invalid e-mails in there too) Total using ".com.br": 5,736
So, almost 95% of the country-specific e-mails are from Brazil (.com.br)! And of the “55.000″ accounts, about 9000 seem to be Twitter-spam accounts..
I think this is probably the result of either a leak of a big Brazilian hacked website, or a Brazil-targetted phishing, combined with 9000 Twitter-spam accounts.