Hackers reportedly gain access to 235 million Twitter accounts, and the implications could be far-reaching

With the reported hacking of the records of 235 million Twitter accounts, it’s easy to get a sense of the forces Elon Musk could be up against in his quest to create a level playing field on Twitter, effectively eliminating a distinct advantage the left had in what the billionaire considers the modern-day town square.

The vast cache of records and email addresses used to register the Twitter accounts has been posted to an online hacking forum, according to The Washington Post, with the newspaper noting that this sets the stage “for anonymous handles to be linked to real-world identities.”

The hacking threatens to result in Twitter taking a major hit when it comes to the trustworthiness Musk has worked diligently to restore through the transparency of the “Twitter files.”

Citing security experts, the newspaper reported that the exposure of anonymous accounts could also result in the “arrest or violence against people who used Twitter to criticize governments or powerful individuals, and it could open up others to extortion.” The article also said hackers could “use the email addresses to attempt to reset passwords and take control of accounts, especially those not protected by two-factor authentication.”

Alon Gal, co-founder of the Israeli security company Hudson Rock, spotted the hacked records on a popular underground marketplace, calling the breach “one of the most significant leaks I’ve seen.”


“This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” Gal told The Post.

The records were likely hacked long before Musk took control of Twitter in October 2022, with the newspaper suggesting the hack took place toward the end of 2021.

More from The Post:

The records were probably compiled in late 2021, using a flaw in Twitter’s system that allowed outsiders who already had an email address or phone number to find any account that had shared that information with Twitter. Those lookups could be automated to check an unlimited list of emails or phone numbers.

Twitter said in August that it had learned of the vulnerability in January 2022 through its reward program for bug reports and that the vulnerability had been accidentally introduced in a code update seven months before that.

In July, hackers were spotted selling a set of 5.4 million Twitter account handles and associated emails and phone numbers, which Twitter said was the first it learned that someone had taken advantage of the flaw.

 

Gal told the paper the larger data dump was almost certainly compiled in a similar manner and offered for private sale before the recent publication.

A prolific tweeter, Musk has yet to comment on the reported hack and it’s not clear if Twitter has taken any actions in response to the violation. In January 2022, the social media company fired its top two security officers.

Troy Hunt, creator of breach-notification site Have I Been Pwned, reviewed the leaked data and said in a tweet that it “looks to be pretty much what it’s been described as.”

There have been a few high-profile Twitter accounts hacked recently, including those belonging to Piers Morgan and the Baltimore Sun.

Tom Tillison
