If the Elon Musk-owned social network has already faced multiple data thefts, this time it was publicly published on the Internet.
Twitter has already suffered the theft of data from 400 million accounts at the end of last December. We now learn that the personal information of tens of millions of web application users and smartphones they were released into the wild. Astounding news, which comes just a few weeks after it was The same thing happened to music streaming site Deezer.
63GB of data in the wild
If Twitter already faced a massive data theft in December, the hacker behind it kept the database private, ready to be returned for ransom. This time the bad guys were less thoughtful and posted directly, probably on the notorious hacker forum Breached, the files containing the data of 235 million people. This case becomes one of the largest data leaks in history, according to cybersecurity expert Hudson Rock.
In 63GB of files we find the names, first names, email addresses, Twitter handle or even phone numbers of users of the social network. If it is not clear where this data comes from, some believe that would have come from the previous flight. Nothing is confirmed yet. Leaking so much data online could lead to a major wave of doxxing (posting personal information with the intention of harming a person) and phishing in the coming weeks.
Twitter in the sights of the authorities
While the number of attacks by cybercriminals has continued to increase over the years, Twitter has still had a particularly dark year in this area. The company already lost the data of around 5.4 million users last July in an attack that caught the attention of the Irish Data Protection Commission. The latter also announced, following the data theft last December, that it would examine the company’s compliance with data protection law.
If the Commission, acting on behalf of the European Union, were to establish that Twitter does not comply with the GDPR law, it could take serious action.
We recall that Meta has just been ordered to pay a fine of 390 million euros for failure to comply with general data protection rules. Web giants holding hundreds of millions of user data are especially susceptible to data leakage. Hence the importance of these rules to reduce the damage potentially caused in case of disclosure.