A security researcher from Israel has disclosed that hackers had obtained the email addresses of more than 200 million Twitter users and had posted them on an online hacking forum, news agency Reuters reported.
Alon Gal, the co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, wrote on LinkedIn, “The database contains 235,000,000 unique records of Twitter users and their email addresses and will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing. This is one of the most significant leaks I’ve seen.”
Since Gal first tweeted about the report on social media on December 24, neither Twitter nor its officials have reacted to queries about the breach. It was unclear what steps Twitter has taken to look into or fix the problem. However, on Wednesday, the data appeared on a hacker forum, and screenshots of that forum have been circulating online.
The owner of the breach-alert website Have I Been Pwned, Troy Hunt, viewed the leaked information and tweeted that it appeared to be “pretty much what it’s been described as,” report said.
There were no hints about the identity or location of the hacker or hackers responsible for the intrusion. Initially, there were varying claims about the size and scope of the breach. Reports of the breach in December claimed 400 million email addresses and phone numbers had been stolen.
The data was most likely gathered in late 2021 by taking advantage of a flaw in Twitter’s system that allowed third parties with an email address or phone number to locate any accounts that had given that information to Twitter, according to a report by The Washington Post.
Regulators on both sides of the Atlantic may be interested in a significant breach at Twitter. Twitter is being watched for compliance with European data protection bodies including the Data Protection Commission in Ireland, where Twitter’s European headquarters are located. The Federal Trade Commission in the United States is also looking into breach in Twitter’s cyber security.