The email addresses of over 200 million Twitter users have reportedly been compromised in the data breach.
The UK has around 18 million Twitter users, but it is unknown how many British users this may have affected.
The social media site has yet to confirm the attack, but Alon Gal, co-founder of Israeli cybersecurity firm Hudson Rock, who first announced the breach in a LinkedIn post, called it “one of the most significant leaks” he had ever seen.
Gal confirmed that the information published on a popular online discussion forum where cybercriminals exchange data is likely to “lead to a lot of hacking, targeted phishing and doxxing.”
While Gal’s claims have yet to be officially verified, he was able to provide screenshots of online boards to verify his claims.
The Elon Musk-led company has laid off many IT staff since the $44 billion acquisition closed in November, which has cut the firm’s workforce by nearly half as part of the tycoon’s cost-cutting efforts.
This shift took with it many of the company’s key cybersecurity employees; Twitter’s head of information security, Lea Kissner, resigned via a tweet last November.
However, it is not known if the breach happened while the company was under Musk, and the data could have been compromised much earlier.
Meanwhile, Twitter has been under fire for years over its alleged cybersecurity practices.
Former Twitter security chief Peiter “Mudge” Zatko alleged in August 2022, in a filing with the U.S. Securities and Exchange Commission, Federal Trade Commission, and U.S. Department of Justice, that he “discovered Twitter’s extreme, glaring deficiencies in all areas of its mandate, including… user privacy, digital and physical security, and platform integrity/content moderation.”
Zatko, who served at Twitter from November 2020 to January 2022, was fired by former Twitter CEO Parag Agrawal, who accused him of spreading false narratives.
The claims included allegations that 30 percent of Twitter employees had disabled software and security updates on their devices.
Ceri Shaw, Director of Delivery at CodeClan, advises Twitter users to watch closely for suspicious activity such as “password reset emails, unusual pop-ups on their devices, and targeted phishing emails.”
Shaw also strongly advises Twitter users to consider reviewing their security settings and regularly updating their passwords to make them hard to guess.
She added: “Passwords should contain a combination of special characters, letters and numbers and should not be related to any personal information.”
The financial consequences for Twitter in the aftermath of such an incident can be very serious, with many major tech companies facing multimillion-dollar fines as a result of major data breaches.
In November 2022, Irish data protection regulators fined Facebook owner Meta €265m (£230m) for a breach that leaked the data of over 500 million users, allegedly affecting a significant number of EU users.