Twitter says it's investigating how nearly 60,000 user logins were posted online - but says the hack's not nearly as bad as it looks.
On Monday, what appeared to be logins and passwords were posted on Pastebin in five separate documents (here's the first). No group has yet claimed responsibility.
However, all may not be as it seems. As many as 20,000 of the entries are duplicates, and many of the rest aren't valid logins after all, consisting simply of an email address.
Early reports that the list included the login details of a number of celebrities haven't been confirmed.
In any case, says Twitter, many of the genuine entries are for spam accounts that have already been suspended. Spam's a huge problem for Twitter: in fact, the company is currently suing several alleged spammers who, it says, have cost it over $700,000.
Of the other entries, says Twitter, many are bogus, as thepasswords and usernames given aren't actually associated with one another.
However, Twitter's now in the process of pushing out password resets to accounts that may have been affected, and says it's investigating how the breach happened.