Hackers stole more than 200 million email addresses Twitter users and posted them on an online hacking forum, a security researcher said Wednesday.
Alon Gal, co-founder of Israeli cybersecurity monitoring firm HudsonRock, wrote on LinkedIn that the hack “will unfortunately lead to a lot of hacking, targeted phishing, and information dispensation.” He called it “one of the most important leaks I’ve seen”.
Twitter has not commented on the report, which Gall first posted on social media on Dec. 24, and has not responded to inquiries about the breach since that date. It was not clear what action, if any, Twitter took to investigate or address the issue.
Reuters could not independently verify whether the data on the forum was authentic and coming from Twitter. Screenshots of the hacker forum, where the data appeared on Wednesday, have been circulating online.
Troy Hunt, creator of hack notifications website Have I Been Pwned, saw the leaked data and said on Twitter that it looked “pretty much what it was described as”.
There were no clues as to the identity or location of the hacker or hackers behind the hack. It may have happened as early as 2021, that is, before Elon Musk took ownership of the company last year.
Claims about the size and scope of the hack initially varied, with early accounts in December saying 400 million email addresses and phone numbers were stolen.
The major Twitter breach could interest regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter is headquartered in Europe, and the US Federal Trade Commission monitor Elon Musk’s company for compliance with European data protection rules and the US consent order, respectively.
Messages left with organizers were not immediately returned Thursday.
