Email addresses of 200 million Twitter users leaked onto the internet, researcher claims
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers appear to have stolen the email addresses of more than 200 million Twitter users.
The information has been posted online, leaving the owners of those accounts in danger of a wide variety of attacks, experts warned. It does not include private information such as passwords, however.
The breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing,” Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, wrote on LinkedIn. He called it “one of the most significant leaks I’ve seen”.
Twitter has not commented on the report, which Gal first posted about on social media on Dec. 24, nor responded to inquiries about the breach since that date. It was not clear what action, if any, Twitter has taken to investigate or remediate the issue.
Reuters could not independently verify the data on the forum was authentic and came from Twitter. Screenshots of the hacker forum, where the data appeared on Wednesday, have circulated online.
Troy Hunt, creator of breach-notification site Have I Been Pwned, viewed the leaked data and said on Twitter that it seemed “pretty much what it’s been described as”.
There were no clues to the identity or location of the hacker or hackers behind the breach. It may have taken place as early as 2021, which was before Elon Musk took over ownership of the company last year.
Claims about the size and scope of the breach initially varied with early accounts in December saying 400 million email addresses and phone numbers were stolen.
A major breach at Twitter may interest regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the U.S. Federal Trade Commission have been monitoring the Elon Musk-owned company for compliance with European data protection rules and a U.S. consent order respectively.
Messages left with the two regulators were not immediately returned on Thursday.
Additional reporting by Reuters
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments