Navigation for News Categories

World Business
6 Jan 2023

Twitter hacked, 200 million user email addresses leaked, researcher says

9:43 am on 6 January 2023
(FILES) In this file photo illustration taken on April 26, 2022, a phone screen displays the Twitter logo on a Twitter page background, in Washington, DC. - Twitter misled users and federal regulators about glaring weaknesses in its ability to protect personal data, the platform's former security chief claimed in whistleblower testimony likely to impact the company's bitter legal battle over Elon Musk's takeover bid. In a complaint filed with the US Securities and Exchange Commission and published in part August 23, 2022, by The Washington Post and CNN, Peiter Zatko also accused Twitter of significantly underestimating the number of automated bots on the platform -- a key element in Musk's argument for withdrawing his $44 billion buyout deal. (Photo by Olivier DOULIERY / AFP)

Hackers have stolen Twitter user data, a researcher said. Photo: AFP

Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, says a security researcher.

The breach "will unfortunately lead to a lot of hacking, targeted phishing and doxxing," Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, wrote on LinkedIn.

He called it "one of the most significant leaks I've seen."

Twitter has not commented on the report, which Gal first posted about on social media on 24 December, nor responded to inquiries about the breach since that date. It was not clear what action, if any, Twitter has taken to investigate or remediate the issue.

Reuters could not independently verify the data on the forum was authentic and came from Twitter. Screenshots of the hacker forum, where the data appeared on Wednesday, have circulated online.

Troy Hunt, creator of breach-notification site Have I Been Pwned, viewed the leaked data and said on Twitter that it seemed "pretty much what it's been described as."

There were no clues to the identity or location of the hacker or hackers behind the breach. It may have taken place as early as 2021, which was before Elon Musk took over ownership of the company last year.

Claims about the size and scope of the breach initially varied with early accounts in December saying 400 million email addresses and phone numbers were stolen.

A major breach at Twitter may interest regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the US Federal Trade Commission have been monitoring the Elon Musk-owned company for compliance with European data protection rules and a US consent order respectively.

Messages left with the two regulators were not immediately returned.

- Reuters

Tags:

Copyright © 2023, Radio New Zealand

Related Stories

World

Get the RNZ app

for ad-free news and current affairs

Download from Apple App Store Download from Google Play Store

Top News stories