As someone who works for one of the Major Technology Companies, and is an authority technologically, I can tell you that in order for so many accounts to have been compromised, one of two things had to have happened.
It was not brute forced; there is easy-to-obtain software that can detect when this is happening, and it would have taken over a year to brute force that many accounts. Twitter is a large tech company that easily does have brute force detection capability.
This means that a hacker stole credentials, used them to find the credential database, and copied it out, or someone on the inside (a disgruntled employee, or directed by @Jack) stole or gave a copy of the DB and sent it out to bitcoin scammers for their ends. But one thing is for sure: the credential DB was copied, so change your password pronto, and if you use the same credentials as on Twitter anywhere else, change your password there as well.