Cybercriminals hacked over 200 million email addresses of Twitter users and leaked them on a digital hacking forum, said a cyber security researcher on Wednesday.
Co-founder of Israeli cybersecurity-monitoring firm Hudson Rock Alon Gal showed concerns that the hacking “will, unfortunately, lead to a lot of hacking, targeted phishing and doing,” as he wrote on LinkedIn. He called it “one of the most significant leaks I’ve seen.”
Gal initially posted a report on the social media site on December 24. However, Twitter did not say anything about it and also avoided answering any inquiries about the breach since then. Therefore, it is also not known whether or not Twitter took any action to look into the matter or solve it.
Screenshots of the online hacking forum, which shows the leaked data have circulated online.
Troy Hunt, creator of breach-notification site Have I Been Pwned, saw the hacked data and commented on Twitter that it shows “pretty much what it’s been described as.”
Any information regarding the identity or location of the hackers was found. It is believed to have taken place sometime in 2021, a year before Elon Musk took over Twitter as its CEO.
At first, there were conflicting reports regarding the magnitude and scope of the breach, with early reports in December claiming that 400 million email addresses and phone numbers were taken.
Regulators on both sides of the Atlantic might be interested in a significant Twitter breach. Twitter is being watched for compliance with European data protection laws and a US consent order by the Data Protection Commission in Ireland, where the company’s European headquarters are located, and by the Federal Trade Commission in the United States.
On Thursday, messages left with the two regulators were not promptly responded to.