The scam exploits the fact that many people use the same password for many sites
Twitter has identified a scheme that uses compromised file-sharing sites to steal the log on information of users.
The service said it had discovered a number of compromised "torrent" sites that include code used to skim usernames and passwords.
Torrent sites acts as indexes of links to TV, film and music files.
Scammers were then able to use the data to gain access to Twitter and other sites because many people use the same logon for multiple services.
The firm has reset the accounts of affected users, it said.
"The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites," the firm said in a blog post.
"We strongly suggest that you use different passwords for each service you sign up for."
The conclusion is echoed by security researchers who say it is a particular problem for banking websites.
A survey of millions of people conducted by the security firm Trusteer, suggests that 73% of people share the passwords which they use for online banking, with at least one nonfinancial website.
Around 47% of users share both their user ID and password with at least one nonfinancial website, it found.
"Consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites," said Amit Klein of the firm.
Twitter said that it had discovered the scam after seeing unusual activity on the site.
After "doing some digging" the firm found a network of compromised torrent sites that included code that could be used to harvest logon information.
"It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," said the firm.
The sites also contained security exploits allowing the person to steal usernames and passwords.
"This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, e-mail address, and password of every person who had signed up."
Twitter said that it hadn't identified all of the affected torrent sites but had reset the passwords of compromised accounts.
The information comes as security firm Sophos launched its annual report.
One of its findings that spam and attacks on social networks - such as Twitter and Facebook - had risen 70% in the last year.
Facebook was branded the "riskiest" network, although the firm also pointed out that it was also the largest and would therefore attract the most attention form cybercriminals.