Turn on two-factor authentication for your Twitter account now if you haven’t already.
The email addresses tied to 235 million Twitter accounts have been shared in an online hacking forum, per the Washington Post. While it doesn’t look like any other information leaked out, the obvious worry here is that malicious actors could potentially expose the identities of people who like to post anonymously using said email addresses. In countries that crack down hard on political dissent, for example, that could be a huge problem for online activists.
Right now, the consensus seems to be that these accounts were scraped in late 2021 using an exploit that Twitter identified and fixed in January 2022. The cybersecurity website Have I Been Pwned added this leak to its database, so you can go there, enter your email address, and find out if your account was affected by the hack.
Troy Hunt, owner of Have I Been Pwned, identified 211 million unique email addresses in the hack.
According to the online computer-centric community website BleepingComputer, there isn’t much you can do right now if your account was included in the hack. You can curb attempts by hackers to change your account’s password by turning on 2FA and you should be very wary of any emails that ask for personal information like a Twitter password, as they are likely phishing attempts.
Aside from that, all you can do now is hope and pray that Elon Musk left enough Twitter staff in place to prevent further leaks like this in the future.