According to a security researcher, hackers stole the email addresses of over 200 million Twitter users and posted them on an online hacking forum.
Alon Gal, the co-founder of Israeli cybersecurity monitoring firm Hudson Rock, wrote on LinkedIn that the breach will undoubtedly result in a significant amount of hacking, targeted phishing, and doxxing.
He described it as one of the largest leaks he had ever seen.
Gal first mentioned the report on social media on December 24, but neither Twitter nor inquiries about the breach have received any responses since then.
It’s unclear what steps Twitter has taken to investigate or resolve the issue.
Screenshots of the hacker forum where the information first surfaced have been shared online.
Troy Hunt, the founder of the breach notification website Have I Been Pwned, commented on Twitter after viewing the leaked data that it appeared to be “pretty much what it’s been described as.”
The identity and location of the hacker or hackers who caused the breach was unknown.
It could have happened before Elon Musk took control of the company last year, in 2021.
There were initially conflicting reports about the size and scope of the breach, with early December reports claiming that 400 million email addresses and phone numbers were stolen.
A significant Twitter breach could pique the interest of regulators on both sides of the Atlantic.
Twitter is being scrutinised by the Data Protection Commission in Ireland, where the company’s European headquarters are located, and the Federal Trade Commission in the United States for compliance with European data protection laws and a U.S. consent order.