More than 200 million email addresses were obtained in a Twitter breach, which were then posted on an internet hacking forum, according to a security researcher.
Israeli cybersecurity-monitoring firm Hudson Rock co-founder Alon Gal wrote on LinkedIn that the breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing.”
Gal called it “one of the most significant leaks I’ve seen”.
Gal first discussed the report on social media on December 24, but since then, neither Twitter nor enquiries regarding the breach have received any comments.
What steps, if any, Twitter has done to look into or fix the problem are unclear.
Reuters was, however, unable to independently confirm that the information on the forum was real and originated from Twitter.
Read also: China bans COVID response critics on social media (commsroom.co)
Online images of the hacker forum where the data surfaced have been circulating.
Creator of breach-notification site Have I Been Pwned Troy Hunt reviewed the leaked data and said that it seemed “pretty much what it’s been described as”.
The identity or location of the hacker or hackers responsible for the breach was unknown.
It is speculated to have taken place as early as 2021, prior to Elon Musk acquiring the company last year.
At first, there were conflicting reports regarding the magnitude and scope of the breach, with early reports in December claiming that 400 million email addresses and phone numbers were taken.
Regulators on both sides of the Atlantic might be interested in a significant Twitter breach.
Twitter has been under scrutiny by the US Federal Trade Commission and the Irish Data Protection Commission for compliance with European data protection laws and a US consent order, respectively. Ireland is home to Twitter’s European headquarters.
With AAP.
Jaw de Guzman is the content producer for Comms Room, a knowledge platform and website aimed at assisting the communications industry and its professionals.