Twitter is facing a fresh security problem this week after a researcher warned that 200 million user email addresses have been leaked online.
The claim was made on LinkedIn by Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock. He alleged that email addresses that were used to set up Twitter accounts were published on a hacking forum.
Gal added that the database “contains 235,000,000 unique records of Twitter users and their email addresses.” He said the database is “circulating heavily and is now leaked” and will “unfortunately lead to a lot of hacking, targeted phishing, and doxxing.”
According to Alon Gal, the publication of this database is likely to have the following consequences for victims, as it will enable hackers to:
Gal reportedly called it “one of the most significant leaks I’ve seen.”
Twitter has so far not commented on the report, but the platform no longer has a press department or communications team after Elon Musk’s mass firings.
Silicon UK could not verify that the data on the forum was authentic and came from Twitter. The leaked data could also have been obtained before Elon Musk took over Twitter and sacked most of its workforce.
However, noted security researcher Troy Hunt, creator of breach-notification site Have I Been Pwned, analysed the leaked data and said on Twitter that the “addresses are only in the scraped Twitter data because they’d already been compromised elsewhere, and so the cycle continues…”
Claims about the size and scope of the breach initially varied, with early accounts in December saying 400 million email addresses and phone numbers were stolen.
Indeed, this week Ireland’s data protection office said it would investigate the apparent security breach.
It came after a hacker, using the handle “Ryushi”, offered a sample of details from about 1,000 accounts on 23 December, the same day that Ireland’s Data Protection Commission (DPC) said it would investigate an earlier Twitter breach that affected about 5.4 million accounts.
Regulators on both sides of the Atlantic have been monitoring the Elon Musk-owned company for compliance with European data protection rules and a US consent order respectively.
In November the Federal Trade Commission (FTC) said it was closely watching Elon Musk’s moves at Twitter with “deep concern”.
It should be remembered that the FTC had reached a settlement with Twitter in May 2022, after the platform was caught using personal user info to target ads.
That May FTC settlement had built on a 2011 agreement binding the company to install reasonable privacy safeguards and be accountable for an information security program.
In May 2022, when Twitter agreed to pay a $150 million penalty for allegedly deceiving users about how their phone numbers would be used to sell ads, the FTC gained new concessions.
Under that order, Twitter reportedly agreed to install an enhanced privacy program and information security program with specific requirements.