Latest Breaking News

brooklynite

(94,789 posts) Wed Jan 4, 2023, 09:57 PM Jan 2023

Hackers leak email addresses tied to 235 million Twitter accounts

Source: Washington Post

Records of 235 million Twitter accounts and the email addresses used to register them have been posted to an online hacking forum, setting the stage for anonymous handles to be linked to real-world identities.
Tech is not your friend. We are. Sign up for The Tech Friend newsletter.

That poses threats of exposure, arrest or violence against people who used Twitter to criticize governments or powerful individuals, and it could open up others to extortion, security experts said. Hackers could also use the email addresses to attempt to reset passwords and take control of accounts, especially those not protected by two-factor authentication.

“This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” said Alon Gal, co-founder of the Israeli security company Hudson Rock, who spotted the posting on a popular underground marketplace.

The records were probably compiled in late 2021, using a flaw in Twitter’s system that allowed outsiders who already had an email address or phone number to find any account that had shared that information with Twitter. Those lookups could be automated to check an unlimited list of emails or phone numbers.

18 replies

= new reply since forum marked as read

Highlight:

Hackers leak email addresses tied to 235 million Twitter accounts (Original Post) brooklynite Jan 2023 OP

That's a wake up call bucolic_frolic Jan 2023 #1

They don't have mine, but still this makes me very angry FakeNoose Jan 2023 #2

Musk will tweet that The Matrix Deep State did the hacking tamtamp Jan 2023 #3

Yet this benefits him if it pushes Twitter users into 2FA NullTuples Jan 2023 #4

how do we find out if our info is online? Trueblue1968 Jan 2023 #5

If you've registered for Twitter, assume it's out there. n/t OnlinePoker Jan 2023 #8

there are services that will look on the dark web for info you register with them.... getagrip_already Jan 2023 #17

This could seriously put Musk out of business. Further into the report... ancianita Jan 2023 #6

twitter users should file a class action lawsuit against him Trueblue1968 Jan 2023 #9

The data breach happened before he took over. I read somewhere highplainsdem Jan 2023 #10

That was an older one from 2011. But this is a newer, bigger and worse one. ancianita Jan 2023 #12

This large data breach happened in 2021. highplainsdem Jan 2023 #13

Okay. Guess I'm also thinking of another one before Musk took over. Because this ancianita Jan 2023 #14

twitter is still twitter... doesn't matter who owns it getagrip_already Jan 2023 #18

The class has to show evidence of loss, harm, damage for each member of the class. ancianita Jan 2023 #11

Kick dalton99a Jan 2023 #7

Does this mean the internet is not safe? twodogsbarking Jan 2023 #15

Does it matter? Most Social Media users already give away all their personal information. Wonder Why Jan 2023 #16

bucolic_frolic

(43,362 posts)

1. That's a wake up call

Reply to brooklynite (Original post)

Wed Jan 4, 2023, 10:09 PM

Jan 2023

Dormant address now receiving spam. So someone is using the stolen information.

FakeNoose

(32,819 posts)

2. They don't have mine, but still this makes me very angry

Reply to brooklynite (Original post)

Wed Jan 4, 2023, 10:13 PM

Jan 2023

Corporate negligence on a grand scale.

tamtamp

(17 posts)

3. Musk will tweet that The Matrix Deep State did the hacking

Reply to brooklynite (Original post)

Wed Jan 4, 2023, 10:20 PM

Jan 2023

To hurt him .
The guy is that crazy.

NullTuples

(6,017 posts)

4. Yet this benefits him if it pushes Twitter users into 2FA

Reply to tamtamp (Reply #3)

Wed Jan 4, 2023, 10:29 PM

Jan 2023

All those sweet, sweet phone numbers and the identity triangulation they provide.

Trueblue1968

(17,242 posts)

5. how do we find out if our info is online?

Reply to brooklynite (Original post)

Wed Jan 4, 2023, 10:33 PM

Jan 2023

OnlinePoker

(5,727 posts)

8. If you've registered for Twitter, assume it's out there. n/t

Reply to Trueblue1968 (Reply #5)

Wed Jan 4, 2023, 11:17 PM

Jan 2023

getagrip_already

(14,891 posts)

17. there are services that will look on the dark web for info you register with them....

Reply to Trueblue1968 (Reply #5)

Thu Jan 5, 2023, 04:21 PM

Jan 2023

Of course, you have to give them names, phone numbers, credit card numbers, etc, if you want them to tell you if they are out there....

Catch 22 in a way.

But companies are supposed to notify users if they have been the subject of a breach. Again, a catch 22 if they don't.

ancianita

(36,157 posts)

6. This could seriously put Musk out of business. Further into the report...

Reply to brooklynite (Original post)

Wed Jan 4, 2023, 11:01 PM

Jan 2023

(bolded for emphasis)

...Peiter Zatko, had been arguing internally that Twitter was grossly unprepared to fend off hacking attempts, and he later filed a formal whistleblower complaint with the Securities and Exchange Commission and testified about the deficiencies in Congress.

While 235 million published records ranks among the largest breaches anywhere, it is only the latest in a stretch of security disasters at Twitter dating back more than a decade. Frequent account takeovers led to a 2011 settlement with the FTC that Zatko said the company has been violating.

While Elon Musk previously used Zatko’s testimony about poor security practices in a failed attempt to get out of buying the company, he has since laid off many of its security staffers.

Hackers aren't out to harm the public, imo. This event, imo, is to warn the public off Musk's hobbled platform. Hackers have warned of single owner platforms being corrupted to reflect the owners' political or world view. Even we have discussed that.

Related to this hack is what Techdirt says is the general issue of important real time agencies and journalists getting to platforms (like Mastodon and other sites of the fediverse) that secure and support real factual reporting.

... it isn’t just journalists who’ve come to rely on Twitter. Birds of a feather on various social and professional topics have flocked together there. We all need to help ensure that “Black Twitter” and “Science Twitter” — and so many more — have a way forward, too. They have become a vital source of information not just for the wider public but within their own ranks (or that relatively small part of the public that uses Twitter, anyway). As Bloomberg’s Lisa Jarvis wrote recently, “Science Twitter needs a new home.”

Meanwhile, countless government agencies also use the birdsite as a vehicle for messaging of all kinds. In situations where people want the vital news — such as forest fires, storms, etc. — Twitter has become one of the default places to check.
They, too, can and should migrate to services like Mastodon. They should plan collaboratively to cut over to their own verified instances, in an orderly way that gives their constituents notice and time to get adjusted to the new system...

The best time for journalists and others to have recognized the threat of centralized systems run by unreliable, untrustworthy dictators would have been years ago. The next best time is tomorrow.

https://www.techdirt.com/2023/01/04/journalists-and-others-should-leave-twitter-heres-how-they-can-get-started/

Trueblue1968

(17,242 posts)

9. twitter users should file a class action lawsuit against him

Reply to ancianita (Reply #6)

Wed Jan 4, 2023, 11:31 PM

Jan 2023

highplainsdem

(49,044 posts)

10. The data breach happened before he took over. I read somewhere

Reply to Trueblue1968 (Reply #9)

Wed Jan 4, 2023, 11:42 PM

Jan 2023

that the hacker tried to get Musk to pay to keep the data from being posted online, but I don't remember where I read it or the exact details.

ancianita

(36,157 posts)

12. That was an older one from 2011. But this is a newer, bigger and worse one.

Reply to highplainsdem (Reply #10)

Wed Jan 4, 2023, 11:49 PM

Jan 2023

highplainsdem

(49,044 posts)

13. This large data breach happened in 2021.

Reply to ancianita (Reply #12)

Wed Jan 4, 2023, 11:52 PM

Jan 2023

ancianita

(36,157 posts)

14. Okay. Guess I'm also thinking of another one before Musk took over. Because this

Reply to highplainsdem (Reply #13)

Thu Jan 5, 2023, 12:02 AM

Jan 2023

might be the first time hacking's been done, but it's not the first time accounts have been tampered with, even hijacked.

getagrip_already

(14,891 posts)

18. twitter is still twitter... doesn't matter who owns it

Reply to highplainsdem (Reply #13)

Thu Jan 5, 2023, 04:24 PM

Jan 2023

You can still sue them for things that happened before the takeover.

ancianita

(36,157 posts)

11. The class has to show evidence of loss, harm, damage for each member of the class.

Reply to Trueblue1968 (Reply #9)

Wed Jan 4, 2023, 11:48 PM

Jan 2023

I'm no lawyer, but I doubt that will happen. If it does, it will take years. In the meantime, the solution is to gravitate to other more democratically run platforms in the fediverse.