Twitter hacked: email addresses of more than 200m users stolen - how to check if your info was leaked

Hackers have reportedly stolen the email addresses of around 200 million Twitter users and posted them to an online hacking forum, according to a security researcher. It’s a major breach for Elon Musk’s social media platform, which has just shy of 450 million active users.

Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, said the security breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing”. He also labelled it “one of the most significant leaks I’ve seen”.

Gal first posted about the breach on Christmas Eve. According to The Guardian, Twitter has not responded to enquiries about the breach since that date and it remains unclear if any action has been taken in response.

Who is behind the Twitter hack?

Currently, there are no clues as to the identity of the hacker or the group behind the attack. It has been suggested the breach could have happened as early as 2021, before Elon Musk’s purchase of the site.

The creator of the breach notification site ‘Have I Been Pwned’, Troy Hunt, reviewed the leaked data on Twitter and said that it seemed “pretty much what it’s been described as”.

Claims regarding the size and scope of the breach have varied. Early accounts claimed that up to 400 million email addresses and phone numbers were stolen. It’s a worrying statistic for Twitter, which has seen a 40% increase in audience since 2018.

The data protection commission in Ireland and the US Federal Trade Commission have reportedly been monitoring Twitter “for compliance with European data protection rules and a US consent order respectively”, and a major breach could be of huge interest to them.

How to check if your info was leaked - and protect your Twitter account

Online safety experts have urged anyone with a Twitter account to change their password as a precaution. It’s a good idea to use a combination of three unrelated words that are memorable, replacing some letters with numbers to enhance the security.

If people can, they should also enable two-factor authentication on the platform. This is an extra layer of protection to ensure the security of online accounts beyond just a username and password - on Twitter this can be a text message, authentication app, or security key. There’s more nfo on that on the Twitter help pages.

You can also find out if your info was exposed as part of the data breach on the Firefox Monitor website.