In one of the largest data breaches ever, the email addresses of over 200 million Twitter users were posted by hackers on an online forum, a security researcher said.
Alon Gal, the co-founder of Israeli cybersecurity monitoring organization Hudson Rock wrote on LinkedIn that the breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing.” In his post made on Wednesday, Gal called it “one of the most significant data leaks I’ve seen.”
Meanwhile, Twitter is yet to comment on the report which Gal posted first on social media on December 24. The company has also not responded to inquiries about the breach since then. So far, it is not clear whether what action, if any, has been taken by Twitter to investigate the matter.
Screenshots of the hacker forum, where the data appeared on Wednesday, have widely circulated online, however, Reuters has so far not been able to independently verify that the data on the forum was authentic or whether it came from Twitter.
On the other hand, Troy Hunt, who created the breach-notification site ‘Have I Been Pwned’, said on Twitter, having viewed the leaked data that it seemed “pretty much what it’s been described as.”
The identity or location of the hack has also not been established yet and the incident may have taken place as early as in 2021, before the purchase of the company by Elon Musk. The size and scope of the breach have been claimed differently over time with early accounts from December claiming around 400 million email addresses and phone numbers were stolen.
Regulators on both sides of the Atlantic will be piqued by the serious breach at Twitter with the Data Protection Commission in Ireland, where Twitter’s European headquarters is located, and the United States Federal Trade Commission monitoring the Musk-owned company for compliance with European data protection rules and a US consent order respectively.
