There are no clues to the identity or location of the hacker or hackers who may have breached Twitter as early as 2021.
Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, a security researcher has said.
The breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing,” Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, wrote on LinkedIn on Wednesday. He called it “one of the most significant leaks I’ve seen.”
list of 4 items
Suspected Chinese hackers spied on gov’ts, NGOs, media: Report
Hacker demands $10m to stop leaking Australians’ medical records
Australian police blame Russian hackers for medical records leak
North Korean hackers used Itaewon tragedy for malware: Google
end of list
Twitter has not commented on the report, which Gal first posted about on social media on December 24, nor responded to inquiries about the breach since that date. It was not clear what action, if any, Twitter has taken to investigate or remediate the issue.
The Reuters news agency could not independently verify that the data on the forum was authentic and came from Twitter. Screenshots of the hacker forum, where the data appeared on Wednesday, have circulated online.
Troy Hunt, creator of breach-notification site Have I Been Pwned, viewed the leaked data and said on Twitter that it seemed “pretty much what it’s been described as”.
There were no clues to the identity or location of the hacker or hackers behind the breach. It may have taken place as early as 2021, before Elon Musk took ownership of the company last year.
Claims about the size and scope of the breach initially varied with early accounts in December, which said 400 million email addresses and phone numbers were stolen.
A serious breach at Twitter may interest regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the United States Federal Trade Commission have been monitoring the Musk-owned company for compliance with European data protection rules and a US consent order respectively.
Messages left with the two regulators were not immediately returned on Thursday.