LONDON: Hackers have stolen the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, a security researcher said Wednesday.
Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, wrote on LinkedIn that the breach “will unfortunately lead to many hacks, targeted phishing and doxxing.” He called it “one of the most significant leaks I’ve seen.”
Twitter did not comment on the report, which Gal first posted on social media on December 24, and has not responded to inquiries regarding the violation since that date. It is not clear what action was taken.
Reuters was unable to independently verify that the forum data is genuine and comes from Twitter. A screenshot of the hacker’s forum showing the data on Wednesday circulated online.
Troy Hunt, creator of breach notification site Have I Been Pwned, said on Twitter that the leaked data looked “almost like what’s described.”
There were no clues to the identity or location of the hackers behind the breach. That could have happened in 2021, before Elon Musk took over ownership of the company last year.
Claims regarding the size and scope of the breach have varied, although they initially said that 400 million email addresses and phone numbers were stolen in accounts early in December.
A large Twitter breach could attract the attention of regulators on both sides of the Atlantic. The Irish Data Protection Commission, where Twitter is headquartered in Europe, and the U.S. Federal Trade Commission monitor the Elon Musk-owned company’s compliance with European data protection regulations and U.S. consent orders, respectively.
Messages left for the two regulators were not immediately returned on Thursday.