The email addresses of more than 200 million Twitter users have reportedly been compromised in a data breach.
The UK has around 18 million Twitter users, but it’s unknown how many British users may have been impacted.
The social-media site has not yet confirmed the attack, but co-founder of Israeli cybersecurity firm Hudson Rock Alon Gal, who first announced the breach in a Linkedin post, called it ‘’one of the most significant leaks’’ he had ever seen.
Gal confirmed that the information, posted on a popular internet message board where cybercriminals share data, will likely ‘’lead to a lot of hacking, targeted phishing, and doxxing’’.
Though Gal’s claims have yet to be officially verified, he was able to share screencaps from the online boards to verify his claims.
The Elon Musk-led company has shed numerous IT staff since the $44 billion takeover was finalised in November, which sliced the company’s headcount nearly in half, as part of the tycoon’s cost-cutting measures.
This transition has taken much of the company’s key cybersecurity staff with it; Twitter’s information security chief Lea Kissner resigned via a Tweet in November last year.
However, it’s unknown whether the breach occurred while the firm was under Musk’s tenure and the data could have been compromised well before then.
Meanwhile, Twitter has been under attack for its alleged cybersecurity practices for years.
Twitter’s former head of security, Peiter ‘Mudge’ Zatko, alleged in August 2022 that in a filing to the US Securities and Exchange Commission, the Federal Trade Commission, and the US Justice Department, “he uncovered extreme, egregious deficiencies by Twitter in every area of his mandate, including… user privacy, digital and physical security, and platform integrity / content moderation”.
Zatko, who served at Twitter from November 2020 to January 2022, was fired by the previous Twitter CEO Parag Agrawal, who accused the exec of spreading false narratives.
The claims included allegations that 30 per cent of Twitter employees had disabled software and security updates on their devices.
Ceri Shaw, chief delivery officer at CodeClan, advises Twitter users to closely monitor suspicious activities, such as “password-reset emails, unusual pop-ups on their device, and targeted phishing emails”.
Shaw also strongly advises Twitter to consider looking at their security settings and regularly update passwords so that they are difficult to guess.
She added: “Passwords should use a combination of special characters, letters, and numbers, and should have no relevance to any of your personal information.”
The financial repercussions for Twitter in the wake of an incident like this could well be extremely steep, and we’ve seen multiple big tech firms receive multi-million fines as a result of serious data protection slip-ups.
In November 2022, Irish data-protection regulators fined Facebook owner Meta €265 million (£230m) in relation to a breach that led to more than 500 million users having their details leaked online, which supposedly affected a significant number of EU users.