Hackers leak email addresses of 235 million Twitter users: report
Hackers took the email addresses of more than 235 million Twitter users and posted them on an Internet forum, according to a cybersecurity expert.
The breach “will unfortunately lead to a lot of hacking, phishing and doxxing,” Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, wrote on LinkedIn.
On his LinkedIn page, Gal — who called the breach “one of the most significant leaks I’ve seen” — posted screenshots of hacked email addresses he found on the dark web.
“This database will be used by hackers, political hacktivists and of course governments to further erode our privacy,” Gal told the Washington Post.
Twitter has not commented on the report, which Gal first posted on social media on Dec. 24, nor has it responded to questions about the breach since that date.
Alon Gal of Israeli cybersecurity firm Hudson Rock posted an article on LinkedIn announcing the leak.LinkedIn/Alon Gal
It was not clear what action, if any, Twitter has taken to investigate or correct the issue.
Footage of the hacker forum where the data appeared on Wednesday has been circulating online.
There was no information on the identity or location of the hacker or hackers behind the breach. It could have happened as early as 2021, which was before Elon Musk took ownership of the company last year.
Claims about the size and scope of the breach initially varied with early accounts in December saying 400 million email addresses and phone numbers had been stolen.
Gal also posted screenshots of hacked email addresses he found on the dark web.LinkedIn/Alon Gal Gal said the hack could leave people vulnerable to phishing and doxxing attacks.LinkedIn/Alon Gal
Phishing is a tactic used by cybercriminals who send emails or text messages pretending to be from reputable companies. These messages ask their targets to send them personal information, including credit card numbers, passwords and other sensitive data.
“Doxxing” is the practice where internet users maliciously post an individual’s address or other sensitive information online without their consent.
The social media company has not yet commented on the claims of Gal.Agjencia Anadolu via Getty Images
Troy Hunt, creator of the breach notification site Have I Been Pwned, saw the leaked data and said on Twitter that it looked “pretty much as described”.
A major Twitter breach could interest regulators on both sides of the Atlantic.
The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the US Federal Trade Commission have been monitoring the Elon Musk-owned company for compliance with European data protection rules and a US consent order. , respectively.
In November, the official Twitter account of the Baltimore Sun was hacked by cybercriminals, who then sent several vulgar messages.
By postal wire