More than 32 million Twitter login names and passwords are reportedly being offered for sale online.
A hacker using the name Tessa88 is asking for 10 bitcoins (£4,000) from anyone that wants to copy the list.
It is not yet clear whether the list is genuine or how it has been compiled. Some reports suggest it brings together data stolen from users by malware.
In a statement, Twitter said it was “confident” that the data did not emerge from a breach of its network.
Information about the list emerged in a blog entry on the website of a company called Leaked Source, which has built a database of login data that has been stolen or leaked.
It said the dataset shared with it by Tessa88 contained 32,888,300 records – each one of which listed an email address, username and password.
“We have very strong evidence that Twitter was not hacked, rather the consumer was,” said the company in its blog.