A security researcher said Wednesday that hackers stole the email addresses of more than 200 million Twitter users and put them on a website for hackers.

Alon Gal, co-founder of the Israeli cybersecurity monitoring firm Hudson Rock, wrote on LinkedIn that the breach “will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.” He said that it was “one of the most important leaks” he had ever seen.

Since Gal first posted about the report on social media on December 24, Twitter hasn’t said anything about it or replied to questions about the breach. It wasn’t clear what, if anything, Twitter had done to look into or fix the problem.

Reuters was not able to confirm on its own that the information on the forum was real and came from Twitter. Screenshots of the hacker forum on Wednesday, where the information was posted, have been shared online.

Troy Hunt, who made the site Have Been Pawned, looked at the leaked information and said on Twitter that it seemed “pretty much like what’s been said about it.”

There were no hints about who or where the hackers were who caused the breach. It could have happened as early as 2021, which is before Elon Musk bought the company last year.
At first, people had different ideas about how big and wide the breach was. In December, for example, some said that 400 million email addresses and phone numbers were stolen.

Authorities on both sides of the Atlantic may be interested in a major breach at Twitter.
The Data Protection Commission in Ireland, where Twitter’s European headquarters are, and the Federal Trade Commission in the United States have been keeping an eye on the Elon Musk-owned company to make sure it follows European data protection rules and a U.S. consent order.

On Thursday, the two regulators did not respond right away to messages that were sent to them.