An online hacking forum has posted information about 235 million Twitter accounts and the email addresses they were registered with, setting the stage for real-life connections between anonymous accounts and real-life people.
According to a report in The Washington Post, security experts believe that this data hack poses threats of exposure, arrest or violence against people who used Twitter to criticise governments or powerful individuals. It can also open up others to extortion, as hackers could use the email addresses to attempt to reset passwords and take control of accounts, especially those not protected by two-factor authentication.
“This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” said Alon Gal, co-founder of the Israeli security company Hudson Rock, who spotted the posting on a popular underground marketplace, The Washington Post reported.
It is likely that these records were compiled in late 2021 when outsiders who already had an email address or phone number could search for accounts that had shared it with Twitter because of a flaw in Twitter's system. An unlimited number of emails or phone numbers could be checked through automated lookups.
The first time Twitter learned that someone had exploited the flaw was in July when hackers sold 5.4 million account handles, emails and phone numbers.
The micro-blogging platform said in August that it became aware of the vulnerability in January 2022 through its reward program for bug reports. The vulnerability had been accidentally introduced in a code update seven months before that.
The General Data Protection Regulation of the European Union may have been broken, according to a statement made by Ireland's Data Protection Commission last month. The fresh batch is likely to intensify that investigation as well as a current U.S. Federal Trade Commission investigation into whether Twitter has been infringing on consent decrees in which it vowed to better protect user data.
Twitter previously stated that it fixed the bug as soon as it was made aware of it, although it did not specify how long the process took. This happened amidst a turbulent month in which the business sacked both of its senior security officers.
One of them, Peiter Zatko, who led the company's information security approach, has been claiming that Twitter has been grossly unprepared to fend off hacking attempts. Later in August 2022, Zatko also filed a formal whistleblower complaint with the Securities and Exchange Commission and testified before Congress about the deficiencies.
While the published leak of information on 235 million Twitter accounts is among the biggest ever, it is merely the most recent in a string of security mishaps that go back more than a decade. Zatko said that the business has been breaking a 2011 settlement with the FTC over frequent account takeovers.
(Edited by : Abhishek Jha)
First Published: Jan 5, 2023 12:18 PM IST