Twitter has finally acknowledged "numerous" Twitter account names and password had been indeed stolen. Twitter promises it has taken immediate action to reset those passwords, so the users should be safe.
The breach didn't come from Twitter's servers though. According to the company, the hackers made lots of various attacks towards other websites and services which use Twitter plugins and store Twitter data.
Here is the official statement:
"We've investigated claims of Twitter @names and passwords available on the "dark web," and we're confident the information was not obtained from a hack of Twitter's servers.
The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we're acting swiftly to protect your Twitter account.
In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner."
If you want to know more about the breach and read the Twitter tips of how to protect your data, just head over to the official Twitter blog.