Over 200 million email addresses stolen in Twitter cyber attack

Security research has revealed that hackers infiltrating Twitter obtained over 200 million email addresses before posting them on an online forum

A breach of user data was first reported on the 24th December, by Alon Gal, co-founder and CTO of Israeli cybersecurity company Hudson Rock, with screenshots showing email addresses from Twitter published on a hacker forum circulating online, reported Reuters.

Gal told the BBC that the public posting of such data would “unfortunately lead to a lot of accounts getting hacked, targeted with phishing, and doxxed”.

Upon viewing the leaked data, founder of breach notification tracker Have I Been Pwned, Troy Hunt, commented that the situation seemed “pretty much what it’s been described as”.

However, Reuters has stated it can not independently verify the data’s authenticity, or that the email addresses came from Twitter users.

The discovery follows a warning from Hudson Rock last week stating that an unverified hacker named Ryushi had demanded $200,000 (£168,000) to Twitter in return for the handover and deletion of email addresses and phone numbers from 400 million Twitter users.

However, user data offered online for free, shared by a different user, consisted of a smaller number of data assets, and Gal stated that this did not include phone numbers.

Twitter is yet to comment on the sharing of user data.

Related:

Understanding the journey of breached customer dataExploring how businesses can gain an understanding of the journey of breached customer data when attacks occur.

Hervé Tessler – ‘Cyberattacks can mean total reputational death’Noventiq president Hervé Tessler on how SMBs are increasingly aware of the damage done by cybercriminals and why IT leaders are bringing in outside experts.

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.