Monday, January 30, 2023
Outlook.com
Outlook India
Outlook Business
+

Twitter Leak Exposes 235 Million Email Addresses From Hack

While account passwords were not leaked, malicious hackers could use the email addresses to try to reset people's passwords or guess them if they are commonly used or reused with other accounts

Twitter Leak Exposes 235 Million Email Addresses From Hack
POSTED ON January 07, 2023 12:41 PM

Personal emails linked to 235 million Twitter accounts hacked some time ago have been exposed according to Israeli security researcher Alon Gal — making millions vulnerable to having their accounts compromised or identities exposed if they have used the site anonymously to criticize oppressive governments, for instance.

Gal, who is the co-founder and chief technology officer at cybersecurity firm Hudson Rock, wrote in a LinkedIn post this week that the leak “will, unfortunately, lead to a lot of hacking, targeted phishing, and doing”.

While account passwords were not leaked, malicious hackers could use email addresses to try to reset people's passwords or guess if they are commonly used or reused with other accounts.

That's especially a risk if the accounts are not protected by two-factor authentication, which adds a second layer of security to password-protected accounts by having users enter an auto-generated code to log in.

People who use Twitter anonymously should have a Twitter-dedicated email address that does not disclose who they are and is used solely for Twitter, experts say.

Though the hack appears to have taken place before Elon Musk took over Twitter, the news of the leaked emails adds another headache for the billionaire, whose first couple of months as head of Twitter have been chaotic, to say the least.

Twitter did not immediately respond to a message for comment on the hack.

News of the breach could put the company in trouble with the Federal Trade Commission. The San Francisco company signed a consent agreement with the agency in 2011 that required it to address serious data-security lapses.

Twitter paid a $150 million penalty last May, several months before Musk's takeover, for violating the consent order. An updated version established new procedures requiring the company to implement an enhanced privacy-protection program as well as beef up information security.

In November, a group of Democratic lawmakers asked federal regulators to investigate any possible violations by the platform of consumer-protection laws or of its data-security commitments.

The FTC said at the time it is “tracking recent developments at Twitter with deep concern,” though no formal investigation has been announced. But experts and current and former Twitter employees have been warning of serious security risks flowing from the drastically reduced staff and deepening disorder within the company.

In August, Twitter's former head of security filed a whistleblower complaint alleging that the company misled regulators about its poor cybersecurity defenses and its negligence in attempting to root out fake accounts that spread disinformation.

Among Peiter Zatko's most serious accusations is that Twitter violated the terms of the 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users. 

  • Related Articles

    The administrative changes may affect the company's public listing plans

    Jack Ma To Relinquish Control Of Ant Group: Report

    The EV manufacturer had laid off nearly 80 per cent of its workforce, around 300 people, in 2021

    Sequoia Capital-Backed Bounce Lays Off 3-4% Workforce

    Recently the company has partnered with Adani One to offer an integrated digital platform for domestic and international flight bookings

    Cleartrip Launches New Features Including PayLater Options