Data Breach: Twitter ‘significant leak’ may have exposed over 200 million users worldwide

*Security experts say the leaked Twitter database could lead to a surge in phishing and ‘doxxing’, the act of revealing someone’s identity, as well as the targeting of cryptocurrency Twitter accounts and the hacking of ‘high profile’ and political accounts.

Gbenga Kayode | ConsumerConnect

Millions of Twitter users go by a handle rather than their name, because posting on the social media platform is more anonymous that way, an agency report has said.

However, several security experts have opined that a breach of Twitter’s system has exposed over 200 million consumers, and that anonymity may be at risk after all.

Over a seven-month period, a flaw in the platform’s application programming interface (API) allowed hackers to provide an e-mail address they obtained from the Dark Web and be notified if the address was linked to a particular Twitter account.

It was learnt the amount of data hackers got from the breach was limited.

For example, hackers couldn’t access passwords or the content of messages, the report stated.

Linking the e-mail address with a Twitter account, however, could have been used to identify the person using a particular handle.
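The flaw described above is an account-enumeration oracle: the response itself tells the caller whether an identifier is registered and to which account. The sketch below is an added example, not Twitter's code; it contrasts a lookup that leaks that link with a hardened one that answers identically for every identifier and caps how many distinct identifiers one client may submit. All names, sample data and the limit of three are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: identifier -> handle (not real accounts).
ACCOUNTS = {"alice@example.com": "@quiet_fox", "+15550100": "@nightowl"}

# One response body for every identifier, registered or not.
GENERIC = {"status": "ok", "message": "If an account matches, we sent instructions."}


def lookup_vulnerable(identifier):
    """Behaviour the article describes: the response names the matching account."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": "not_found"}
    return {"status": "found", "account": handle}


class HardenedLookup:
    """Uniform response plus a cap on distinct identifiers per client.

    Simplification (assumption): counters live in memory and never expire;
    a real service would use a shared store with a time window.
    """

    def __init__(self, max_distinct=3):
        self.max_distinct = max_distinct
        self.seen = defaultdict(set)  # client id -> identifiers submitted

    def lookup(self, client, identifier):
        self.seen[client].add(identifier)
        if len(self.seen[client]) > self.max_distinct:
            # Many different identifiers from one client looks like bulk
            # probing, not a user who forgot which address they signed up with.
            return {"status": "rate_limited"}
        # Any notification goes out of band to the address or number itself,
        # so the caller learns nothing about whether it matched.
        return dict(GENERIC)


def leaks_membership(fn, known, unknown):
    """True if responses differ for a registered vs. unregistered identifier."""
    return fn(known) != fn(unknown)
```

`leaks_membership` works as a regression check: run it against any endpoint that accepts an e-mail address or phone number before login.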

Experts have said the breach is not to be taken lightly.

In a LinkedIn post, Alon Gal, Chief Technology Officer (CTO) at Hudson Rock, an Israeli security firm, predicted the hack would lead to a surge in phishing and “doxxing,” the act of revealing someone’s identity.

Compromised data is ‘significant leak’

Following the current data leak on Twitter, Gal wrote: “This is one of the most significant leaks I’ve seen.”

Gal said hackers would use the leaked Twitter database in several ways, including targeting cryptocurrency Twitter accounts and hacking “high profile” and political accounts.

“It goes without saying that agencies around the world will use this database as well to further harm our privacy.”

Twitter has not commented on the breach, but in August 2022, the company issued a statement saying that it had discovered the API flaw.

However, at the time, Twitter did not believe any of the information had been compromised, the report said.

It is recalled that the microblogging site and social media platform last year noted that an incident impacted some accounts and private information on Twitter.

It stated: “We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account.

“We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened.

“While there’s no action for you to take specific to this issue, we want to share more about what happened, the steps we’ve taken, and some best practices for keeping your account secure.

What happened

In January 2022, Twitter affirmed that it received a report through its bug bounty program of a vulnerability in Twitter’s systems.

As a result of the vulnerability, if someone submitted an e-mail address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted e-mail address or phone number was associated with, if any.

This bug resulted from an update to our code in June 2021.

“When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.

“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled.”

The company said: “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”

How to protect your account, by Twitter

If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened.

To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account.

While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorised logins.

If you’re concerned about the safety of your account, or have any questions about how we protect your personal information, you can reach out to our Office of Data Protection through this form.

To learn more about reporting a security vulnerability, and to learn more about our efforts to protect Twitter from platform manipulation and visit Twitter Help Centre at: https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts.
