Hackers have stolen the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, a security researcher has revealed.
The breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing”, Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, wrote on LinkedIn. He called it “one of the most significant leaks I’ve seen”.
Twitter has not commented on the report, which Gal first posted about on
social media on 24 December, nor responded to inquiries about the
breach since that date. It was not clear what action Twitter has taken
to investigate the issue.
The screenshots of the hacker forum, where the data appeared on Wednesday, have circulated online.
Troy Hunt, creator of breach notification site Have I Been Pwned, viewed
the leaked data and said on Twitter that it seemed “pretty much what
it’s been described as”.
There were no clues to the identity or location of the hacker or hackers
behind the breach. It may have taken place as early as 2021, which was
before Elon Musk took over ownership of the company last year.
Claims about the size and scope of the breach initially varied with
early accounts in December saying 400m email addresses and phone numbers
were stolen.
A major breach at Twitter may be of interest to the US Federal Trade
Commission who have been monitoring the Elon Musk-owned company for
compliance with European data protection rules and a US consent order
for months.
