Hackers reportedly stole email addresses and other sensitive data from over 200 million Twitter users and posted them to an underground forum, according to a security expert.
The Twitter breach was first discovered Dec. 24 by Alon Gal, co-founder of cybersecurity firm Hudson Rock, according to Reuters. Gal believes the hack will “will unfortunately lead to a lot of hacking, targeted phishing and doxxing,” of the affected users. He also said it’s “one of the most significant leaks I’ve seen,” Reuters reported.
Many of the email addresses in the leak were reportedly verified by tech site Bleeping Computer. The site gained access to the data and ran tests to ensure the data belonged to the Twitter accounts listed. (RELATED: US-Designated Senior Terrorist Exploits Twitter Spaces To Promote Violence)
Hackers have allegedly been selling large data sets of Twitter profiles since July 22 by exploiting a vulnerability in Twitter’s Application Programming Interface (API), Bleeping Computer reported.
We’re committed to helping everyone on Twitter keep their accounts safe and secure, and that means helping owners of compromised accounts regain access and control.
Here’s what to do if your account has been compromised:
— Twitter Safety (@TwitterSafety) January 5, 2023
“We’re committed to helping everyone on Twitter keep their accounts safe and secure, and that means helping owners of compromised accounts regain access and control,” Twitter Safety said in a statement Thursday.
The programming issue was fixed by Twitter in January 2022, after multiple smaller data sets were put up for sale by hackers. The data set with information for over 200 million users was selling for $2 worth in a hacking forum’s currency, Bleeping Computer reported.
Ok folks, I know this Twitter data is in broad circulation now and I’ve had many people send it to me in the last 24 hours, I’ll take a good look at it today and work out how to handle it https://t.co/02LH4jrEQ1
— Troy Hunt (@troyhunt) January 4, 2023
Troy Hunt, creator of breach notification service Have I Been Pwned, said the breach was “pretty much what it’s been described as,” according to Reuters. Hunt discovered 211,524,284 unique email addresses when he examined the data Thursday, CNN reported.
The leaked data includes users names, account handles, follower numbers and the dates the accounts were created, according to CNN analysis.
Twitter did not respond to comment by the time of publication.