Twitter has asked some users to reset their passwords after a phishing attack. It has urged members who use the same password for other online services to take action to protect their privacy.
The microblogging service sent out notices to users it suspected had become victims of phishing attacks on torrent filesharing sites and forums.
"This information was then used to attempt to gain access to third-party sites such as Twitter," said Del Harvey, director of trust and safety at Twitter, in a status update.
Anyone who has signed up for a torrent forum or torrent site built by a third party should change their Twitter password, he said.
Twitter's investigations revealed that people are continuing to use the same e-mail address and password, or a variant of them, on multiple sites.
A report from security firm Trusteer has confirmed this trend among users of online banking facilities.
Some 47% of users share both their user ID and password with at least one other website and 73% share their online banking password with at least one other site, the report revealed.
"Through discussions with affected users, we have discovered a high correlation between those who have used third-party forums and download sites and those who were on our list of possibly affected accounts," said Harvey.
He urged Twitter users to read and follow its guidance for keeping accounts safe.
Stephen Howes, chief executive at security firm GrIDsure, said the Twitter case is yet another demonstration of the inherent weakness of fixed passwords.
"Organisations need to replace this flawed method of authentication with a one-time passcode method," he said.
Malware and spam attacks against users of social networking sites such as Twitter have increased by 70% in the past year, according to a report by Sophos.