Twitter leak exposes 235 million email addresses from hackers
Alon Gal, co-founder and chief technology officer of cybersecurity company Hudson Rock, disclosed on LinkedIn this week.
Although the account passwords have not been released, ‘hackers’ can use email addresses to try to reset people’s passwords or guess them.
This poses a risk if accounts are not protected by two-factor authentication, which adds a second ‘layer’ of security to password-protected accounts and requires users to enter an automatically generated code to ‘log in’.
People who use Twitter anonymously must have an ’email’ address associated with the platform that does not reveal who they are and is used exclusively for Twitter, according to experts.
Although the cyberattack appears to have taken place before Elon Musk took control of Twitter, the news of the ’emails’ disclosure adds another headache for the billionaire, who has had a chaotic first few months of leading the company.
Twitter did not immediately respond to a request for comment on this matter, reported the Associated Press (AP).
The exposure of private data could put the company in trouble with the US Federal Trade Commission (FTC, its acronym in English), with whom it committed in 2011 to address serious data security breaches.
Twitter paid a fine of $150 million in May, several months before Musk’s takeover, for violating the consent order.
An updated version established new procedures requiring the company to implement an enhanced privacy protection program, in addition to strengthening information security.
In November, a group of Democratic congressmen asked federal regulators to investigate any possible violations of the platform’s consumer protection laws or its data security commitments.
The FTC said at the time that it was “following recent developments on Twitter with deep concern”, although no formal investigation has been announced.
But experts and current and former Twitter employees warn of serious security risks stemming from the drastically reduced staff and reports of turmoil within the company.
In August, Twitter’s former security chief filed a complaint alleging that the company misled regulators about its poor cybersecurity defenses and its negligence in trying to root out fake accounts that spread misinformation.