+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Hackers stole over 200 million email addresses from Twitter users and published them on an online forum, cybersecurity firm says

Jan 6, 2023, 21:33 IST
Business Insider
Hackers have stolen over 200 million email addresses from Twitter users, cybercrime intelligence firm Hudson Rock said.Jonathan Raa/NurPhoto via Getty Images
  • Hackers have leaked email addresses from over 200 million Twitter users, a cybersecurity firm said.
  • The database could be used to hack high-profile, political, or crypto accounts on Twitter.
Advertisement

Hackers have leaked the details of more than 200 million Twitter accounts, including email addresses, phone numbers, and account handles, onto an online hacking forum, cybercrime intelligence company Hudson Rock told Insider on Friday.

The news was previous reported by outlets including Reuters, CNN, and The Guardian.

A database with the "unique records," of 235 million Twitter users was posted onto a forum and made public, co-founder and chief technology officer at Hudson Rock, Alon Gal, said in a Wednesday LinkedIn post.

"This is one of the most significant data leaks in history and will unfortunately lead to a lot of accounts getting hacked, targeted with phishing, and doxxed," Gal told Insider in a statement.

"I urge Twitter users to change passwords and to be suspicious of any phishing attempts, and for Twitter to acknowledge this breach as soon as possible."

Advertisement

Insider was unable to independently verify the authenticity of the data Hudson Rock said had been leaked.

Twitter did not immediately respond to Insider's request for comment on the leaks, and the social-media giant is yet to publicly acknowledge such a breach.

Gal warned in an additional LinkedIn post that hackers will take advantage of the database to hack "high profile accounts," "crypto Twitter accounts," and "political accounts." Hudson Rock had earlier linked the hacking of British TV personality Piers Morgan's Twitter account to the leak.

Hackers have been selling and circulating large amounts of both public and private data from Twitter profiles since July 2022, technology site Bleeping Computer said.

The data is thought to have stemmed from a flaw in Twitter's API, which the company said it fixed in January 2022, which allowed hackers to discover what Twitter handles matched registered email addresses and phone numbers. That allowed scammers to compile a database, and potentially identify users who tweet anonymously.

Advertisement

Bleeping Computer reported that it was able to confirm the validity of many of the email addresses listed in Wednesday's leak.

Troy Hunt, creator of website Have I Been Pwned, told Bleeping Computer that the leak has been added to his website. Visitors to the HIBP website can use it to check if their email is part of the Twitter leak.

Gal had first reported in December that hackers had exploited Twitter's API flaw to compile a database containing information for around 400 million Twitter users. A hacker, called "Ryushi", took credit for the cache and demanded $200,000 to hand over the data for deletion per the BBC.

Gal's post on Wednesday clarified that the he believes the final count of the database is 235 million rather than 400 million. Hunt said in a tweet that he had discovered around 211 million unique email addresses linked to the Twitter leak.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article