An expert in cybersecurity claims that hackers stole the email addresses of more than 235 million Twitter users and posted them on a website forum.
Alon Gal, co-founder of Israeli cybersecurity-monitoring company Hudson Rock, wrote on LinkedIn that the breach “will regrettably result in a lot of hacking, targeted phishing, and doxxing.”
Gal uploaded images of the compromised email addresses that he discovered on the dark web on his LinkedIn page, calling the incident “one of the most major dumps I’ve seen.”
“This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” Gal told The Washington Post.
Gal first discussed the report on social media on December 24, but since then, neither Twitter nor enquiries regarding the breach have received any comments.
What steps, if any, Twitter has done to look into or fix the problem are unclear.
Online users have been sharing screenshots of the hacker forum where the information first surfaced on Wednesday.
The identity or location of the hacker or hackers responsible for the intrusion was unknown. Before Elon Musk acquired control of the business last year, in 2021, that might have happened.
At first, there were conflicting reports regarding the magnitude and scope of the breach, with early reports in December claiming that 400 million email addresses and phone numbers were taken.
Cybercriminals will send emails or texts purporting to be from well-known companies as a method known as phishing. These communications request sensitive data such as passwords, credit card numbers, and other private information from their recipients.
Doxxing is the act of maliciously publishing a person’s address or other sensitive information online without that person’s consent.
After viewing the exposed data, Troy Hunt, the founder of the breach notification website Have I Been Pwned, commented on Twitter that it appeared to be “very much what it’s been described as.”
Regulators on both sides of the Atlantic might be interested in a significant Twitter breach.
Twitter is being watched for compliance with European data protection laws and a US consent order by the Data Protection Commission in Ireland, where the company’s European headquarters are located, and by the US Federal Trade Commission.