Data alleged to contain the email addresses of more than 200 million Twitter users is being given away for free on a hacker forum, reports say.
The stolen information includes email addresses used to set up accounts, which will worry anonymous users who registered with a sensitive address.
The BBC has not verified the data, and breaches often turn out to contain duplicate, old or fake information.
Twitter has not responded to requests for comment about the breach.
Alon Gal of cyber-crime information firm Hudson Rock, which spotted the leak, said it contained more than 200 million email addresses and was “significant”.
Mr Gal told the BBC it would “unfortunately lead to a lot of accounts getting hacked, targeted with phishing, and doxxed”.
Doxxing is the act of publishing personal information about someone that can lead to their identification.
The BBC has not downloaded the material, which has to be unlocked by using 20p worth of the forum credits.
Some form users have expressed their interest in the data, with one saying: “Thanks for your service cannot wait for the chaos.”
Tech news website Bleeping Computer has downloaded the data and confirmed that the email addresses were correct for many of the listed Twitter profiles. It also found the data contained duplicates.
It reported: “The full dataset has obviously not been confirmed. The dataset is far from complete, as there were many users who were not found in the leak.”
Another researcher suggested that many Twitter accounts feature many times, but the number of unique email addresses involved is still more than 100 million.
More details about the breach will be updated soon.