Twitter hack exposes millions of user accounts

SAN FRANCISCO – An online forum dedicated to data breaches and hacking has posted a file containing over three gigabytes of Twitter user data.

A variety of news agencies have picked up on the story as cybersecurity experts digging through the file have confirmed that over 200 million Twitter profiles and other user data such as locations, email addresses, and phone numbers were contained in the breach. Username FazyMalone posted the file on BreachForums, writing, “In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers.

“The impacted data included either email address or phone number alongside other public information including the username, display name, bio, location and profile photo. The data included 6.7M unique email addresses across both active and suspended accounts, the latter appearing in a separate list of 1.4M addresses.”

The hack occurred in the same month that Twitter fired former security chief Peiter “Mudge” Zatko. Zatko has been on record about the slipshod measures taken by the company in securing the platform from threat actors, with his disclosure being reviewed by the Senate Judiciary Committee. Security Systems News covered that story in September.

Twitter’s security situation has also not been improved by the recent acquisition by billionaire Elon Musk, with most of the company’s staff fired or quitting in the wake of the cavalier entrepreneur’s takeover. Former Twitter CISO Lea Kissner announced her departure on the platform writing, “I've made the hard decision to leave Twitter. I've had the opportunity to work with amazing people and I'm so proud of the privacy, security, and IT teams and the work we've done.”

Experts say the data contained in the hack will lead to numerous other account hacks, breaches, and phishing attempts using the available user data. There were roughly 4,100 disclosed data breaches in 2022 exposing roughly 22 billion sensitive records.