Security Researcher Says Twitter Hacked, 200 Million User Email Addresses Leaked

A security researcher said Wednesday that hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum.

Source: Reuters | Published on January 6, 2023

The breach “will unfortunately result in a lot of hacking, targeted phishing, and doxxing,” wrote Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, on LinkedIn. “One of the most significant leaks I’ve seen,” he said.

Twitter has not commented on the report, which Gal first shared on social media on December 24, nor has it responded to inquiries about the breach since that time. It was unclear what steps Twitter had taken, if any, to investigate or correct the problem.

Reuters was unable to independently confirm that the data on the forum was genuine and came from Twitter. Screenshots of the hacker forum where the data was discovered on Wednesday have gone viral.

Troy Hunt, founder of breach notification site Have I Been Pwned, viewed the leaked data and tweeted that it appeared to be “pretty much what it’s been described as.”

There were no hints about the identity or location of the hacker or hackers responsible for the breach. It could have happened as early as 2021, before Elon Musk took over ownership of the company last year.

The size and scope of the breach were initially disputed, with early reports in December claiming that 400 million email addresses and phone numbers were stolen.

A significant breach at Twitter may pique the interest of regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the United States Federal Trade Commission have both been monitoring the Elon Musk-owned company for compliance with European data protection rules and a U.S. consent order.

Messages left with the two regulators were not returned immediately on Thursday.