Millions of Twitter users go by a handle, not their name. Posting on the social media platform is more anonymous that way.
But several security experts report that a breach of Twitter's system has exposed more than 200 million users and that anonymity may be at risk.
Over a seven-month period, a flaw in the platform’s application programming interface (API) allowed hackers to provide an email address they obtained from the dark web and be notified if the address was linked to a particular Twitter account.
The amount of data hackers got from the breach was limited. For example, hackers couldn’t access passwords or the content of messages. But linking the email with a Twitter account could have been used to identify the person using a particular handle.
Security experts say the breach is not to be taken lightly. In a LinkedIn post, Alon Gal, CTO at Hudson Rock, an Israeli security firm, predicted the hack would lead to a surge in phishing and “doxxing,” the act of revealing someone’s identity.
“This is one of the most significant leaks I've seen,” Gal wrote.
Gal said hackers will use the leaked Twitter database in several ways, including targeting crypto Twitter accounts and hacking “high profile” and political accounts.
“It goes without saying that agencies around the world will use this database as well to further harm our privacy,” he said.
Twitter has not commented on the breach but in August issued this statement, saying it had discovered the API flaw but at the time, did not believe any of the information had been compromised.