The breach “unfortunately leads to a lot of hacking, targeted fraud and doxxing,” said Alon Gal, co-founder of Israeli cybersecurity monitoring company. Stone Hudson, wrote on LinkedIn. He called it “one of the most important leaks I’ve ever seen.”
Twitter has not commented on the report Gal first posted on the social network on December 24, nor has it responded to questions about the breach since that date. It’s not clear what action Twitter took to investigate or fix the issue.
Twitter eases 3-year ban on political ads in further policy change
Reuters could not independently verify the data on the forum was authentic and came from Twitter. Screenshots of the hacker forum, where the data appeared on Wednesday, has gone viral online.
The Hunt for TroyThe creator of the Have I Been Pwned breach notice page, saw the leaked data and said on Twitter that it appeared “quite similar to what it was described.”
There are no clues as to the identity or location of the hacker or the hackers behind the breach. It could have taken place as early as 2021, which is before Elon Musk took ownership of the company last year.
Claims about the size and scope of the initial breach varied with the first accounts in December saying that 400 million email addresses and phone numbers were stolen.
A major breach at Twitter could concern regulators on both sides Atlantic. The Data Protection Commission in Ireland, where Twitter has its headquarters in Europe and US Federal Trade Commission supervised the Elon Musk-owned company for compliance with European data protection rules and WE corresponding consent order.
Messages left with the two regulators were not immediately returned on Thursday.