A hacktivist known as Mauritania Attacker has claimed to have compromised every account on Twitter by stealing a list of OAuth tokens.
OAuth is an authorisation protocol that allows websites to share log-in credentials. The stolen tokens could theoretically be used to access Twitter accounts without need for a password.
UPDATE Twitter has said that is has investigated the situation and "no Twitter accounts were compromised".
According to Indian security news site Techworm, known-hactivist Mauritania Attacker published OAuth details for 15,167 Twitter accounts on a file-sharing website earlier today.
"In a conversation with Techworm, he confirmed that he have access to entire database of users on twitter and no account is safe from him, may be he will leak unlimited accounts credentials in the coming future [sic]."
Techworm's story was linked to from the Twitter account of AnonGhost, an Anonymous-affiliated hacktivist group led by Mauritania Attacker, and from his own Facebook page.
Mauritania Attacker was profiled by news agency Reuters in June. It said he is a 23-year-old from the West African country of Mauritania.
AnonGhost, which purports to promote Islam and target its enemies, has defaced over 10,000 websites this year, Reuters reported.
In April, the group participated in an attack on various Israeli targets, named #OpIsrael. In June, Mauritania Attacker claimed to have discovered a new security weakness in Facebook.
The Reuters profile quotes an executive from Israeli IT security firm Radware as saying that Mauritania Attacker has united various pro-Islamic hacking groups that have recently emerged in Africa.