Twitter has reportedly been the victim of a major data breach, with hackers posting the email addresses of 235 million users online. The hack might have occurred as early as 2021.
The New York Post reports that Twitter has suffered a significant data breach that has resulted in the email addresses of over 235 million users being published on an internet forum. The breach, which may have occurred as early as 2021, has raised concerns about the potential for hacking, phishing, and doxxing.
According to Alon Gal, co-founder of Israeli cybersecurity firm Hudson Rock, the latest Twitter breach is “one of the most significant leaks I’ve seen” and “will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing.” Gal posted screenshots of the hacked email addresses on his LinkedIn page and spoke to the Washington Post about the potential implications of the breach. “This database is going to be used by hackers, political hacktivists, and of course, governments to harm our privacy even further,” he said.
Twitter has yet to comment on the report, which was first posted on social media on December 24. The social media firm has also yet to respond to inquiries about the data breach since that date, leaving it unclear what action it took to investigate or remediate the issue.
The hacker or hackers behind the breach have not been identified, and there are no clues as to their location. It is possible that the breach took place before Elon Musk acquired the company in 2022. Initially, reports about the size and scope of the breach varied, with some accounts suggesting that as many as 400 million email addresses and phone numbers had been stolen.
Troy Hunt, the creator of the breach-notification site Have I Been Pwned, which alerts users if their information has been leaked, viewed the stolen data and stated on Twitter that it appeared to be “pretty much what it’s been described as.”
The Twitter data breach is likely to interest regulators on both sides of the Atlantic. The US Federal Trade Commission and the Data Protection Commission in Ireland, where Twitter’s European headquarters are located, have been monitoring the company for compliance with data protection rules and a US consent order, respectively.
Cybercriminals commonly use phishing attacks, sending emails or text messages pretending to be from reputable companies to steal personal information such as credit card numbers, passwords, and other sensitive data. “Doxxing” refers to the practice of maliciously posting an individual’s address or other sensitive information online without their consent.
Read more at the New York Post here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan