Over 230 million emails exposed after Twitter accounts hacked – NBC Bay Area

Personal emails linked to 235 million Twitter accounts that were hacked some time ago have been left unprotected, according to Israeli security researcher Alon Gal, putting millions of accounts at risk or exposing identities if they use the site anonymously to criticize Twitter for repressive governments, for example. example.

Gall, co-founder and chief technology officer of cybersecurity firm Hudson Rock, wrote this week in a LinkedIn post that the leak “will unfortunately lead to a significant amount of hacking, targeted phishing, and information exfiltration.”

Although passwords for accounts are not leaked, malicious hackers can use emails to try to reset passwords, guess them if they are commonly used or reuse them with other accounts.

An Israeli security researcher, Alon Gal, broke the news

This is particularly risky if accounts are not protected by two-factor authentication, which adds a second layer of security to password-protected accounts by requiring users to enter an automatically generated code to log in.

Experts say those who use Twitter anonymously should have a dedicated Twitter email address that does not reveal their identity and use it just for Twitter.

While the hack appears to have happened before Elon Musk took over Twitter, news of the leaked emails adds another headache for the billionaire, whose first two months at the helm of the company have been messy, to say the least.

At the moment, Twitter has not responded to messages seeking comment about the cyberattack.

News of the hack could land the company in trouble with the Federal Trade Commission. San Francisco-based Twitter signed a consent agreement with the agency in 2011 that required it to address serious flaws in data security.

Twitter paid a $150 million fine last May, several months before it was acquired by Musk, for violating a consent order.

The updated version put in place new measures that require the company to implement an enhanced privacy protection program, in addition to strengthening information security.