The Twitter logo is seen on the awning of the Twitter office building in New York. , Photo Credit: AP
Personal email connected to 235 million twitter account hack Some have previously been exposed according to Israeli security researcher Alon Gal – leaving millions of people vulnerable to having their accounts compromised or identities exposed when using the site anonymously to criticize repressive governments, for example. has given.
Gall, co-founder and chief technology officer at cybersecurity firm Hudson Rock, wrote in a LinkedIn post this week that the leak would “unfortunately lead to a lot of hacking, targeted phishing and doxing”.
While account passwords were not leaked, malicious hackers could use the email addresses to try to reset people’s passwords, or guess whether they are commonly used or reused with other accounts. : are used.
This is especially a risk if the accounts are not protected by two-factor authentication, which adds a second layer of security to password-protected accounts by having users enter an auto-generated code to log in.
Experts say that people who use Twitter anonymously should have a Twitter-dedicated email address that doesn’t reveal who they are and is only used for Twitter.
While it appears the hack happened before Elon Musk took over Twitter, news of the leaked emails adds another headache for the billionaire, whose first few months as head of Twitter have been chaotic, to say the least. for.
Twitter did not immediately respond to a message sent for comment on the hack.
News of the breach could land the company in trouble with the Federal Trade Commission. The San Francisco company signed a consent agreement with the agency in 2011 that required it to plug serious data-security flaws.
Twitter paid a $150 million fine last May, several months before Musk’s acquisition, for violating the consent order. An updated version established new procedures that required the company to implement an enhanced privacy-protection program as well as strengthen information security.
In November, a group of Democratic lawmakers asked federal regulators to investigate any potential violations by the platform of consumer-protection laws or its data-protection commitments.
The FTC said at the time it was “following recent developments at Twitter with deep concern”, although no formal investigation has been announced. But experts and current and former Twitter employees have been warning of serious security risks amid the severely reduced workforce and deepening disarray within the company.
In August, Twitter’s former head of security filed a whistleblower complaint alleging the company misled regulators about its poor cybersecurity protections and in an effort to root out fake accounts that spread misinformation. Negligence was done.
One of Peter Zatko’s most serious allegations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had taken stronger measures to protect the security and privacy of its users.