Email Addresses of 235 Million Twitter Users Exposed in Hack
Israeli security researcher Alon Gal claims that the personal emails associated with 235 million Twitter accounts that were hacked some time ago have been leaked, putting millions of people at risk of having their accounts compromised or identities exposed. The disclosure “will unfortunately lead to a lot of hacking, targeted phishing, and doxxing,” Gal, co-founder and chief technology officer of cybersecurity firm Hudson Rock, wrote in a LinkedIn post this week. Although passwords were not compromised, the email addresses could be exploited by hackers to reset account passwords or even guess them if they are overused or widely known.
Two-factor authentication, which requires users to provide a randomly generated code in addition to their password, mitigates this risk by adding an extra layer of protection. Experts recommend that users who wish to maintain their anonymity on Twitter create a dedicated, anonymous email address that is used only for Twitter. Despite the fact that the breach appears to have occurred before Elon Musk took over Twitter, the news of the released emails adds another worry for the billionaire, whose first couple of months at the helm of Twitter have been turbulent, to put it mildly.
When asked for comment on the incident, Twitter did not immediately answer. The FTC may take action against the corporation if it learns of the breach. The agency and the San Francisco firm signed a consent agreement in 2011, and the firm has since been working to fix major data-security issues. In May of last year, months before Musk’s takeover, Twitter paid a USD 150 million penalty for violating the consent decree.
A revised version created new practices mandating that the business put in place a more stringent privacy protection programme and information security measures. A group of Democrats in Congress asked federal authorities in November to look into whether or not the platform had broken any data-security promises or consumer-protection laws. Although no official investigation has been declared, the FTC has stated that it is “tracking recent developments at Twitter with deep concern.”
In spite of this, experts and current and former Twitter employees have been sounding alarms about major security threats stemming from the company’s drastically decreased staff and deepening disarray. Twitter’s former head of security filed a whistleblower complaint in August, claiming the business lied to regulators about its lax cybersecurity policies and failure to adequately investigate and remove disinformation-spreading bogus accounts. One of the most severe claims made by Peiter Zatko is that Twitter broke the terms of the 2011 FTC settlement by making unsubstantiated claims that it had taken further steps to ensure user privacy and security.