A total of 34.062 unique accounts have been leaked, ESET reports. They have cross-referenced the list with the LulzSec leak back in 2011, and many of the accounts that contain an e-mail seem to have come from the LulzSec leak, but the rest are fresh.
Many more accounts have surfaced on Pastebin, in lists containing 10k+ accounts; we are not sure if these two leaks are related or refer to the same accounts. We are still not sure who has released these accounts.
There are two kinds of accounts in the list: ones with a user name (e.g. “Hayleyjsvze”), and ones with an e-mail (e.g. “[email protected]”). On Twitter, you can log in with either your user name or your e-mail, so that could be the reason there are two different kinds... or?
Of the 34.062 unique accounts, 25.068 seem to use an e-mail address. Those accounts look “real”. They all seem to have “regular” passwords (easier words, numbers). The rest of the accounts, the ones that aren’t based on an e-mail address, all seem to be spam accounts. They have few, if any, posts and follow many others, but have very few followers of their own. And they all have random 8-character passwords.
Now, looking back to the real accounts, here are some statistics from the e-mails used for the accounts:
Total number of accounts: 34.062
Total number of e-mails: 25.068 (where a few are incorrect, or contain typos)
Domain "hotmail.com": 15,777
Domain "gmail.com": 2,193
Total NOT using ".com": 6,046 (but a handful of invalid e-mails in there too)
Total using ".com.br": 5,736
So, almost 95% of the country-specific e-mails are from Brazil (.com.br)! And of the “55.000” accounts, about 9000 seem to be Twitter-spam accounts.
I think this is probably the result of either a leak of a big Brazilian hacked website or Brazil-targeted phishing, combined with 9000 Twitter-spam accounts.
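The same breakdown (e-mail versus user-name entries, per-domain counts, and the .com.br share of non-.com addresses) can be computed for any list of login identifiers. The Python below is an added example, not the script used to produce the numbers above. The function name `summarize`, the loose e-mail pattern and the sample entries are assumptions constructed for illustration, and "not .com" is taken to mean a domain that does not end in `.com`.

```python
import re
from collections import Counter

# Loose shape check only: one "@", no whitespace, a dot in the domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s.]+)$")

def summarize(identifiers):
    """Split login identifiers into e-mail and user-name entries and
    tally the e-mail domains the way the statistics above do."""
    # De-duplicate case-insensitively, ignoring surrounding whitespace.
    unique = {i.strip().lower() for i in identifiers if i.strip()}
    domains = Counter()
    usernames = invalid = 0
    for ident in unique:
        if "@" not in ident:
            usernames += 1          # plain user name, no e-mail
            continue
        m = EMAIL_RE.match(ident)
        if m is None:
            invalid += 1            # has "@" but is malformed (typos etc.)
            continue
        domains[m.group(1)] += 1
    emails = sum(domains.values())
    # Assumption: "not .com" means the domain does not end in ".com",
    # so ".com.br" addresses count as country-specific.
    not_com = sum(n for d, n in domains.items() if not d.endswith(".com"))
    com_br = sum(n for d, n in domains.items() if d.endswith(".com.br"))
    return {
        "unique": len(unique),
        "emails": emails,
        "usernames": usernames,
        "invalid": invalid,
        "top_domains": domains.most_common(3),
        "not_com": not_com,
        "com_br": com_br,
        "com_br_share": round(100 * com_br / not_com, 1) if not_com else 0.0,
    }

# Constructed sample; none of these identifiers come from the leak.
SAMPLE = [
    "alice@hotmail.com", "ALICE@hotmail.com ", "bob@gmail.com",
    "carla@example.com.br", "davi@example.com.br", "erik@example.se",
    "broken@@example.com", "spamuser01", "qwkzjxvb",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```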