There is no evidence of the identity or whereabouts of the hacker or hackers who may have broken into Twitter as early as 2021.
Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, a security researcher said.
The breach “will unfortunately result in much hacking, targeted phishing and doxxing,” wrote Alon Gal, co-founder of Israeli cybersecurity surveillance firm Hudson Rock, on LinkedIn on Wednesday. He called it “one of the most significant leaks I’ve seen.”
Twitter has not commented on the report, which Gal first posted to social media on Dec. 24, nor has responded to inquiries about the breach since that date. It wasn’t clear what actions Twitter took to investigate or fix the issue.
The Portal news agency could not independently verify that the data in the forum was authentic and came from Twitter. Screenshots of the hacker forum, where the data appeared on Wednesday, circulated on the Internet.
Troy Hunt, creator of the notification site Have I Been Pwned, looked at the leaked data and said on Twitter that it “looked pretty much as it was described”.
There were no clues as to the identity or location of the hacker or the hackers behind the vulnerability. It could have happened as early as 2021 before Elon Musk took ownership of the company last year.
Claims about the size and scope of the breach initially varied, with early accounts in December claiming 400 million email addresses and phone numbers were stolen.
A serious violation at Twitter could interest regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the United States Federal Trade Commission have monitored the Musk-owned company for compliance with European data protection rules and a US consent order, respectively.
Messages left with the two regulators were not immediately returned on Thursday.