Twitter said to have suffered data breach as hackers expose 235 million users' information

Data dump contains users' names, e-mail addresses, screen names, number of followers and phone numbers

Wednesday's cyber security breach at Twitter is the second in less than a month. Reuters

A Twitter database containing about 235 million users has been exposed on an online hacker forum in what is shaping up to be one of the biggest data leaks yet recorded, according to a cyber intelligence company.

The data dump contains users' names, e-mail addresses, screen names, number of followers and the dates of the creation of their accounts, as well as some phone numbers, Israel-based Hudson Rock said on Wednesday.

The exposure of the unique records will "unfortunately lead to a lot of hacking, targeted phishing and doxxing", it said in a tweet. Doxxing is the act of revealing identifying information about an individual or organisation online.

Industry publication CyberNews, which was the first to report the news, said the size of the database involved was about 63GB.

It also said the new leak was by the group that posted an advertisement on the same online forum selling the information of about 400 million Twitter users in early December. These included handles, user names, e-mails and phone numbers, with asking prices of up to $200,000.

Hudson Rock did not name the online forum that hosted Wednesday's data dump, but it has been reported that the forum that hosted the December ad was a site called Breached, which has been known to regularly post and sell stolen data.

"This is one of the most significant leaks ever," Hudson Rock said. It is also unclear if any passwords have been exposed, and the possibility of the data having been shared privately has not been ruled out.

A user replying to Hudson Rock's tweet directed a question at Twitter chief executive Elon Musk, asking whether the breach was real. Neither Mr Musk nor Twitter had responded as of posting time.

The breach is the latest in a string of cybersecurity problems the microblogging platform has faced in the past year, and the second in less than a month.

If confirmed by Twitter, this would rank among the 15 biggest data breaches yet if it were included in the rankings of cybersecurity company UpGuard.

It will not, however, exceed a breach that Twitter suffered in 2018, which stemmed from a password bug that exposed the accounts of about 330 million users.

In August, Twitter confirmed a data breach that exposed the information of about 5.4 million of its users in July, citing a vulnerability in its software.

The hack "allowed someone to enter a phone number or e-mail address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account", the company said at the time.

It also adds to the nagging issues at the San Francisco-based company, which has faced a tumultuous time in Mr Musk's short reign as its new owner after he bought the company for $44 billion last year.

Mr Musk's tenure at Twitter has been marred by controversial decisions, flip-flopping, and the firing of top executives and almost half of its workforce.

Technology companies, meanwhile, have been a favourite target of hackers due to their rich resources of user data that they can illicitly sell on the dark web. Industry majors such as Yahoo, LinkedIn and Facebook have all fallen victim in the past.

Data-breach costs in 2021 were estimated to have risen to $4.24 million from $3.86 million in 2020, according to the latest annual study from US technology company IBM.

That was the highest figure in the 17-year history of the report until it was surpassed in IBM's 2022 update, which showed that total breach costs were now at $4.35 million.

Updated: January 05, 2023, 4:27 AM