Researcher claims Twitter hacked, data of 235mn users leaked

A security researcher has claimed that hackers have stolen personal data of 235 million Twitter accounts and the email addresses that were used to register them.

According to Alon Gal, co-founder of Israeli cybersecurity-watch firm Hudson Rock, the stolen data has been posted on an online hacking forum.

The breach came to light when Gal saw the data on a popular underground marketplace and posted about it on social media on December 24.

“This database is going to be used by hackers, political hacktivists, and, of course, governments to harm our privacy even further,” Reuters quoted Gal as saying.

Writing on LinkedIn, he called it “one of the most significant leaks I’ve seen.”

Also read: Obama, Biden, Gates, other Twitter accounts hacked in Bitcoin scam

There is no clarity as to when the breach actually took place, or about the identity or location of the hacker or hackers.

The records could have been compiled in the latter half of 2021, using a flaw in Twitter’s system. This was before Elon Musk took over ownership of the company late last year.

Security experts said that those who used Twitter to criticise governments or powerful individuals could be vulnerable to threats of exposure, arrest, or violence. Other users could be extorted. The hackers could also use the email addresses to try to reset passwords and take control of accounts.

In August 2022, Twitter said that it had learned of the vulnerability in January 2022 through its reward program for bug reports.

In July 2022, hackers were spotted selling millions of Twitter account handles and associated emails and phone numbers. That was the first time Twitter came to know that hackers were stealing its data.

“The much larger data dump was almost certainly compiled in the same way and has been offered for private sale and circulated for a while before the recent publication,” Gal said.

Also read: Scotland Yard Twitter and emails hacked

The Data Protection Commission in Ireland, where Twitter has its European headquarters, said last month that it was investigating the earlier breach. The new revelations are likely to intensify the probe. There is also an ongoing inquiry by the U.S. Federal Trade Commission into whether Twitter violated consent decrees under which it was supposed to take extra measures to protect user data.

In January 2022, Twitter fired both of its top security officers. One of them, Peiter Zatko, had been telling the company that it was not sufficiently prepared to prevent hacking attempts. Zatko later filed a whistleblower complaint with the Securities and Exchange Commission and testified about the deficiencies in Congress, according to The Washington Post.

Elon Musk previously used Zatko’s testimony about the poor security practices in Twitter while trying to get out of buying the company.

Twitter is yet to comment on the report.