Twitter is often in the public eye these days, but it is usually because of Elon Musk’s antics or the state of things at the company, such as the string of layoffs that have severely impacted the platform. However, this time, the news affects users far more than usual, with 235 million personal emails being leaked after a Twitter hack some time ago, which has far greater implications than compromised accounts.
What was leaked: The Twitter hack that occurred previously included 235 million personal emails belonging to user accounts. The good news is that passwords were not leaked. No other personal information was leaked, though some private emails might reveal information about the owner of the account.
The emails were posted on an online hacking forum, where they became available to anyone and everyone. It is believed that the Twitter hack took place in 2021 using a flaw in Twitter’s system. The flaw was fixed after its discovery in 2022 through a program for bug reports.
How it affects users: The immediate concern is that hackers could try to use the emails to compromise user accounts. That includes “hacking, targeted phishing, and doxxing,” according to Alon Gal, the co-founder and chief technology officer at cybersecurity firm Hudson Rock. In addition, the emails can be used to maliciously reset account passwords.
- Those not protected by two-factor authentication are particularly at risk.
- Common passwords might be guessed by the hackers, who can gain access to accounts.
However, a greater implication of the leak is the use of the emails to expose the identities of Twitter users who used the accounts to post anonymously on the platform. That includes those who criticized oppressive governments or organizations. If their identities are revealed, it could lead to retaliation, such as arrests or violence.
Steps users should take: The first step users should take is to create new passwords for their accounts if they are common or used across multiple websites. Additionally, two-factor authentication is an extra layer of security worth taking since Twitter has proven itself vulnerable to hackers.
- Users should keep an eye out for any suspicious activity or password reset emails since that could point toward someone attempting to access the account.
- Experts have commented that users who want to remain anonymous should use an email dedicated to Twitter that lacks personal identifiers.
What it means for Twitter and Elon Musk: While the Twitter hack likely occurred prior to Musk’s takeover, it adds another issue for him to worry about, and he already has a plethora of things to deal with surrounding the social media platform.
Additionally, the breach could put Twitter in the FTC’s sights. There was a previous agreement put into place in 2011 requiring the company to address data-security lapses, and it has already had to pay penalties for violating the order in the past.
- Democratic lawmakers asked federal regulators to investigate the company in November.
- The FTC has also been “tracking recent developments” with “deep concern.”
Whistleblower complaint: Peiter Zatko, the former head of security at Twitter, filed a whistleblower complaint against the company. He said that Twitter misled regulators in regard to its poor cybersecurity and negligence in rooting out fake accounts spreading misinformation on the platform.
Additionally, Zatko accused Twitter of violating the 2011 FTC agreement by falsely claiming it put stronger security measures in place to protect user privacy.
Other hacks: Twitter is not the only company to face hacks in recent months. LastPass and Okta both experienced multiple hacks in 2022, including breaches in December. Uber also faced a hack that compromised 77,000 employee emails and other company data, which occurred because of a third-party vendor.