By Oyintari Ben
According to a security researcher, hackers acquired the email addresses of more than 200 million Twitter users and put them on an online hacking forum.
Alon Gal, co-founder of Israeli cyber-security-monitoring company Hudson Rock, said on LinkedIn on Wednesday that the breach “will regrettably result in a lot of hacking, targeted phishing, and doxxing.” One of the biggest spills I’ve ever seen, he said.
Gal first discussed the report on social media on December 24, but since then, neither Twitter nor enquiries regarding the breach have received any comments. It was unclear what steps, if any, Twitter had done to look into or fix the problem.
The information on the forum was legitimate and came from Twitter, but the Reuters news agency was unable to independently confirm this. Online users have been sharing screenshots of the hacker forum where the information first surfaced on Wednesday.
After viewing the exposed data, Troy Hunt, the founder of the breach notification website Have I Been Pwned, commented on Twitter that it appeared to be “very much what it’s been described as.”
The identity or location of the hacker or hackers responsible for the intrusion was unknown. It might have happened before Elon Musk acquired control of the business last year, in 2021.
Early accounts in December, which claimed 400 million email addresses and phone numbers were stolen, caused initial claims about the magnitude and scope of the breach to vary.
Regulators on both sides of the Atlantic might be interested in a serious Twitter breach. The United States Federal Trade Commission and the Data Protection Commission in Ireland, where Twitter’s European headquarters are located, have been keeping an eye on the Musk-owned company’s adherence to European data protection laws and a US consent decree, respectively.
On Thursday, messages left with the two regulators were not promptly responded to.
