According to reports this week, Twitter lost user email addresses, phone numbers, and other identifying data though a leak—an earlier, private exploit of a now-patched API vulnerability that allowed info of over 200 million users to be scraped. Affected users face the risk of hostile takeovers of accounts (both on Twitter and other locations tied to the data) plus the possibility of having their identity revealed if they’d been using the site anonymously.
You don’t have to wait for the other shoe to drop, however. Security website Have I Been Pwned is already allowing people to check if they were affected—meaning you can be proactive about understanding (and addressing) your level of risk.
Simply hop over to the site, then enter your email address or phone number to see all the major data breaches you’ve been caught in. (Caveat: HIBP can’t warn you about a breach no one yet knows about.) If you’re part of this Twitter fiasco, it’ll appear on the list.
Troy Hunt, the security researcher behind the site, noted that 98 percent of the email addresses in the data dump were already in the Have I Been Pwned database—so now’s a good time to sign up for the site’s email notification service. You’ll get alerts whenever the database is updated and your email address is part of a new data breach. Now’s also the time to get busy shoring up your security, like using strong, unique passwords for every website, two-factor authentication, and even unique email masks or usernames.
Improving your Twitter security in particular might be a wise idea, given the company’s upheaval since its change in ownership. Since Musk’s takeover, much of the company was gutted, leaving a severely reduced workforce to grapple with site management—and no communications team to alert users to problems. These days the social media platform is far less trustworthy and you’re on your own if you stay.