Twitter has taken swift action to protect users' accounts after millions of passwords were put up for sale online.
More than 32 million records were offered for the price of 10 Bitcoin (C$7,380) on the dark web this week, Forbes reported.
Twitter has responded by locking down a number of accounts and forcing a password reset, according to The Verge.
The leaked records include passwords, usernames, email addresses, and even second emails, according to Leaked Source, an online catalogue of leaked information.
Twitter info security officer Michael Coates tweeted that the leak hasn't come as a result of a breach, but because of malware that read saved usernames and passwords on browsers such as Chrome and Firefox, and then sent the info to hackers.
We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.
— Michael Coates ஃ (@_mwc) June 9, 2016
"Passwords were stolen directly from consumers, therefore they are in plaintext with no encryption or hashing," Leaked Source said.
"Remember that Twitter probably doesn't store the passwords in plaintext, Chrome and Firefox did."
Leaked Source posted a list of the most common passwords for Twitter users that have been affected by malware. And some of them are painfully obvious.
One can't help but be reminded of a scene from the "Star Wars" spoof "Spaceballs."
The lockdown comes after hackers obtained as many as 117 million email addresses and passwords through professional networking site LinkedIn.
That information came as a result of a hack that took place in 2012. It too was shopped on the dark web, for the price of five Bitcoin ($3,690.21), according to Motherboard.