Winning Bizness Desk
Mumbai. A big lapse from a cyber security point of view has come to the fore, and it is being termed a major mistake regarding the privacy of Twitter users. A security researcher has claimed that hackers have stolen the email addresses of more than 20 crore Twitter users and posted them on an online hacking forum. Alon Gal, co-founder of Israeli cyber security-monitoring firm Hudson Rock, said on LinkedIn that unfortunately this hacking will lead to phishing and doxing. He said that this is a huge leak. Security experts fear these Twitter IDs could be used to criticize the government or influential individuals, or lead to violence or extortion, as hackers can use email addresses to reset passwords and take control of accounts, especially those that are not protected by two-factor authentication.
Twitter's response awaited
Twitter has not yet commented on the matter. Gal first posted about it on social media on December 24, and Twitter has not responded to inquiries about the breach since that date. It was not clear what action, if any, Twitter has taken to investigate or resolve the matter. News agencies are yet to confirm whether the data on the forum was authentic and came from Twitter. Screenshots of the hacker forum were seen online on Wednesday. Troy Hunt, creator of the breach-notification site Have I Been Pwned, looked at the leaked data and said on Twitter that it appeared to be "as described". There was no clue to the identity or location of the hacker or hackers behind the breach. It is possible that the hacking incident happened before Elon Musk took over ownership of the company.
Number and scope could be much higher
Claims about the size and scope of the breach initially varied, with accounts as early as December stating that 400 million email addresses and phone numbers had been stolen. A major breach at Twitter could attract regulators on both sides of the Atlantic. The Data Protection Commission in Ireland, where Twitter has its European headquarters, and the US Federal Trade Commission are monitoring the Elon Musk-owned company for compliance with European data protection regulations and a US consent order, respectively.