- Hackers have stolen email addresses from over 200 million Twitter users, a cybersecurity firm said.
- The database could be used to hack high-profile, political, or crypto accounts on Twitter.
- “This is one of the most significant data leaks in history,” Alon Gal of Hudson Rock told Insider.
Hackers have stolen data including over 200 million email addresses from Twitter users and leaked it onto an online hacking forum, cybercrime intelligence company Hudson Rock told Insider on Friday.
A database with the “unique records” of 235 million Twitter users was posted onto a forum and made public, Alon Gal, co-founder and chief technology officer at Hudson Rock, said in a Wednesday LinkedIn post.
“This is one of the most significant data leaks in history and will unfortunately lead to a lot of accounts getting hacked, targeted with phishing, and doxxed,” Gal told Insider in a statement.
“I urge Twitter users to change passwords and to be suspicious of any phishing attempts, and for Twitter to acknowledge this breach as soon as possible.”
Insider was unable to independently verify the authenticity of the data Hudson Rock said had been leaked.
Twitter did not immediately respond to Insider’s request for comment on the leaks, and the social-media giant is yet to publicly acknowledge such a breach.
Gal warned in an additional LinkedIn post that hackers will take advantage of the database to hack “high profile accounts,” “crypto Twitter accounts,” and “political accounts.” Hudson Rock had earlier linked the hacking of British TV personality Piers Morgan’s Twitter account to the leak.
Hackers have been selling and circulating large amounts of both public and private data from Twitter profiles since July 2022, technology site Bleeping Computer said. The data came from a Twitter API through which users input their email addresses and phone numbers, with data from as far back as 2021 leaked.
Bleeping Computer reported that it was able to confirm the validity of many of the email addresses listed in Wednesday’s leak.
Troy Hunt, creator of the website Have I Been Pwned, told Bleeping Computer that the leak has been added to his website. Visitors to the HIBP website can use it to check if their email is part of the Twitter leak.
Gal’s post on Wednesday clarified that he believes the final count of the database is 235 million rather than 400 million. Hunt said in a tweet that he had discovered around 211 million unique email addresses linked to the Twitter leak.