Hackers have stolen the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, according to a security researcher cited by Britain's Guardian.
The leak "will unfortunately lead to many hacker attacks, targeted phishing and the publication of personal information," Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, warned on LinkedIn. It's "one of the most serious leaks I've seen," he noted. .
Twitter did not comment on the report, which Gal first posted on social media on Dec. 24, or respond to questions about the breach. It was unclear whether he has taken steps to investigate the case and manage the leak.
Reuters reported that it was unable to independently verify. if the data in the forum was authentic and came from Twitter. Screenshots of the website where the data was leaked on Wednesday have been released online.
Troy Hunt, creator of user hacking website Have I Been Pwned, reviewed the leaked data and tweeted that the situation was "pretty much as described."
There was no indication of the identity or location of the hacker or hackers behind the attack which may have been launched in 2021, before Elon Musk bought the platform.
Reports of the size of the breach initially varied, with the first accounts in December saying 400 million email addresses and phone numbers were stolen.
Such a large attack on Twitter could concern regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the US Federal Trade Commission are monitoring the Elon Musk-owned company for compliance with European data protection rules and US regulations respectively.
With information from the Guardian