It might be time to consider changing your Twitter password.

According to LeakedSource, a site that keeps a database of leaked login credentials, 32,888,300 Twitter usernames and passwords have been hacked and put up for sale on the dark web.

The details were most likely obtained through individual malware attacks, instead of an attack on the social media site itself, according to the website.

According to LeakedSource, a site that keeps a database of leaked login credentials, 32,888,300 Twitter usernames and passwords have been hacked and put up for sale on the dark web. The details were most likely obtained through individual malware attacks, instead of an attack on the social media site itself, according to the website

WHAT IS A MALWARE ATTACK? The words malware, comes from a combination of the words 'malicious' and 'software'. It is software that is specifically designed to gain access or damage a computer without the knowledge of the owner. There are various types of malware including spyware, keyloggers, true viruses, worms and other types of malicious code that infiltrates a computer. The best protection from malware is being careful about what email attachments you open, staying cautious when surfing and away from suspicious websites. It also helps to install and maintain an updated, quality antivirus program. Advertisement

The website LeakedSource has gathered a database of Twitter usernames and passwords that are on sale on the dark web, working over a series of months.

The attacks were probably done through retrieving passwords stored in people's browsers, like Google Chrome or Mozilla Firefox, LeakedSource said in a blog post.

'The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,' the blog said.

This is because some of the 'uncrackable' passwords that had been added to the list recently were in plaintext, a format that Twitter would be unlikely to store passwords in, for security reasons.

On top of this, a significant amount of users with the password '<blank>' and 'null' were found, which is often what browsers will save if no password is entered.

It might be time to consider changing your Twitter password. A Twitter spokesperson also said the social media site had not been hacked. The attacks were probably done through retrieving passwords stored in people's browsers, like Google Chrome or Mozilla Firefox

TOP HACKED TWITTER PASSWORDS Rank Password Frequency 1 123456 120,417 2 123456789 32,775 3 qwerty 22,770 4 password 17,471 5 1234567 14,401 6 1234567890 13,799 7 12345678 13,380 8 123321 13,161 9 111111 12,138 10 12345 11,239

The majority of hacked Twitter users seemed to be based in Russia, with 5,028,220 email addresses ending in '@mail.ru', according to the blog.

Even those with long passwords are not safe, as 148,551 visible passwords were over 30 characters in length.

'Also we triple checked, Mark Zuckerberg isn't in this data set,' the blog post said.

Earlier this week, the Facebook founder had his social media accounts hacked by a Saudi based group that discovered his password was 'dadada'.

'We have attempted to contact Twitter to provide them some more information but have not heard back yet,' the blog post added.

'The lesson here? It's not just companies that can be hacked, users need to be careful too.'

A Twitter spokesperson told MailOnline the social media site had not been hacked.

'We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we've been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks.'

Celebrities including Drake (pictured left), Lana Del Ray (right) and Kylie Jenner are among those who have had Twitter accounts hacked in recent weeks, although it is not clear whether the profiles were included in the 32 million listed in the database

Mark Zuckerberg's social media accounts were hacked by Saudi-based group OurMine. The group has accessed the Facebook founder's Twitter and Pinterest accounts, using the hacked accounts to post messages claiming responsibility

MARK ZUCKERBERG IS HACKED This week it was reported that Facebook founder and CEO Mark Zuckerberg's Pinterest and Twitter accounts have been hacked. Saudi-based group OurMine claimed responsibility, using Zuckerberg's own accounts to post messages. The group claims it found his password 'dadada' in the recent leaks of the LinkedIn in password dump from 2012, in which usernames and passwords associated with more than 160 million accounts were compromised. Advertisement

The chief executive of tech support firm Zendesk has become the latest high-profile figure to have his Twitter account hacked, according to the BBC.

Mikkel Svane's hijacked account had its ID image changed to that of a cartoon.

Celebrities including Kylie Jenner, Lana Del Ray and Drake are among those who have been hacked in recent weeks, although it is not clear whether the profiles were included in the 32 million listed in the database.

LeakedSource has added the information to its search engine, which is a paid service, but lets people remove leaked information for free.

Twitter's security officer Michael Coates Tweeted: 'We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.'

This news comes not long after it was revealed that major companies such as Facebook and Netflix are scanning through login details revealed in previous data leaks from other sites to see whether their own users' credentials match.

If they find matching passwords, they are then asking users to reset their passwords in an attempt to increase their security.

Netflix have sent emails to many of their users, forcing them to change their passwords, who they have found to have matching credentials with other sites, such as LinkedIn, Tumblr and Myspace, from leaked data

Facebook scoured the leaked credentials from the Adobe data leak in 2013 to see whether users were still using the same passwords across more than one site, in order to stop hackers from being able to access accounts

HOW TO CHOOSE A PASSWORD Avoid favourite sports. 'Baseball' and 'football' are common words in password lists. Birthdays and years of birth are easy to guess with the help of personal information. Common names such as Michael and Jennifer are insecure. Experts suggest using eight mixed types of characters, with seemingly random combinations if possible. They say that passphrases – short words with spaces or other characters separating them – are easy to recall and are relatively secure if seemingly random words are used. Experts also advise having different passwords for different sites, instead of relying on one, which if hacked, could prove particularly serious. Advertisement

Netflix, for example, sent emails to multiple users last week who used the same password for them as they did for LinkedIn, Tumblr and Myspace a few years ago.

The message read: 'We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company,

'Just to be safe, we've reset your password as a precautionary measure'.

It then added that those who want to reset their passwords again should click on 'forgot your email or password'.

Netflix said it had taken the step because they know hackers will be using the passwords obtained from previous data leaks from other organisations to try and access people's profiles on multiple other third-party sites.

Lastt month, the professional social network LinkedIn told members Wednesday that data from some 100 million users stolen in a 2012 hack had been leaked online, and recommended a change in passwords.

LinkedIn had said in 2012 that some 6.5 million user records may have been breached, but this week learned that a much wider set of data had leaked.

'Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,' LinkedIn's Cory Scott said in a blog post on 18 May.