A hacker has leaked the email addresses of more than 235 million Twitter users. The breach is a significant blow to privacy, a co-founder of Israeli cybersecurity firm Hudson Rock told CNBC. He added that phishing attacks are an ever-present threat for internet users, and the database is a goldmine for hackers.
Twitter users are being warned to reset their passwords after hackers obtained email addresses for more than 235 million of them and published the information.
The names, email addresses, and phone numbers of users were exposed in a data breach on Thursday. Twitter said it was resetting passwords for all affected accounts but advised users to be on the lookout for suspicious activity. The breach comes just days after Facebook revealed that hackers had accessed the personal data of nearly 50 million users.
The passwords were not exposed, but the email addresses were. The company said it was notifying users and had already taken steps to secure their accounts. Twitter declined to comment on how many passwords were reset or if there was evidence that hackers stole any. “We are conducting an internal review of our security measures and have no additional information to share at this time,” a spokesman said.
The breach comes as Twitter is dealing with a rash of account hijacking, including that of the Associated Press.
The company has said it’s taking steps to secure accounts and prevent hackers from being able to access them. “We reset passwords for Twitter accounts when we believe there may be a risk of suspicious activity,” the spokesman said in an email.
“The reset process is designed to ensure that if a hacker has acquired your password, he or she cannot access the account without first providing the new password.” The spokesman declined to say how many Twitter accounts were affected in this incident. The company also did not say whether users should consider changing their passwords as a precautionary measure.
“We are conducting an internal review of our security measures and have no additional information to share at this time.” The company didn’t say how many accounts were affected. Still, it investigated the breach and worked with law enforcement officials.