Hackers divulge 235 million Twitter account email addresses.


An online hacker site has disclosed details about 235 million Twitter accounts, including the email addresses used to sign up for them, paving the way for actual names to be connected to anonymous handles.

Security experts warned that this could expose people to extortion and create threats of exposure, arrest, or violence against those who used Twitter to criticize influential figures or governments. Hackers could also use the email addresses to attempt password resets and account takeovers, particularly for accounts without two-factor verification.

Alon Gal, co-founder of the Israeli security firm Hudson Rock, saw the ad on a well-known underground marketplace and remarked, "This database is going to be utilized by hackers, political hacktivists, and of course governments to undermine our privacy even further."

The data was most likely gathered in late 2021 through a flaw in Twitter's systems that allowed third parties holding an email address or phone number to locate any accounts that had given that information to Twitter. Such lookups could be automated to check an unlimited number of email addresses or phone numbers.

Twitter stated in August that the vulnerability had been unintentionally introduced in a code update seven months earlier and that it had been discovered in January 2022 through its bug bounty program.

Twitter said it first learned that someone had exploited the weakness in July, when hackers were seen selling a collection of 5.4 million Twitter account handles together with related emails and phone numbers.

The General Data Protection Regulation of the European Union may have been broken, according to a statement made by Ireland's Data Protection Commission last month. The fresh batch is likely to intensify that investigation as well as a current FTC investigation into whether Twitter has been violating consent decrees in which it vowed to better secure user data. The FTC declined to respond.

Twitter users are primarily located outside of North America and the United States.

Twitter did not respond to an email requesting comment and asking whether the company had any advice for users.

The users least at risk are those who provided disposable or unrelated email addresses. But even they may be held accountable.

Twitter previously stated that it fixed the bug as soon as it was made aware of it, although it did not specify how long the process took. The January 2022 report came during a turbulent month in which the company fired both of its senior security officials.

Peter Zatko, one of them, had been complaining internally that Twitter was woefully ill-equipped to thwart hacking efforts. He eventually submitted a formal whistleblower complaint to the Securities and Exchange Commission and testified before Congress about the flaws.

While the leak of information on 235 million Twitter accounts is among the worst ever, it is merely the most recent in a string of security mishaps that go back more than a decade. In 2011, Twitter reached a settlement with the FTC over frequent account takeovers.


