Ireland’s Data Protection Commission on Friday opened a probe into Twitter over a data breach that has reportedly affected more than 5 million users.
The opening of the investigation comes after the data of millions of Twitter users appeared online in late November.
Twitter confirmed in August that hackers had exploited a vulnerability in its system — since fixed — to obtain profiles linked to phone numbers and emails, and vice versa.
While Twitter did not confirm the number of accounts affected, media reports citing hackers said that the profile details, including email addresses and phone numbers, of 5.4 million users had been shared for free on a hacker forum as recently as November 24.
According to a statement on its website, the Irish DPC opted to launch a probe after exchanges with Twitter gave it the impression that the company may have violated the EU’s strict privacy code, the General Data Protection Regulation (GDPR).
News of a privacy probe will pour fresh scrutiny on Twitter after the head of the Irish regulator, Helen Dixon, told POLITICO in November that she was worried about a range of issues at the company following Elon Musk’s takeover, including Musk’s changes to the “blue check” verification program.
Twitter also faced accusations this summer that its approach to data security is “grossly negligent” from one of its former security chiefs, Peiter “Mudge” Zatko, who is well-respected in the field.
The company has already been fined €450,000 for a separate data breach by the Irish DPC, which is its lead EU authority because it has its European HQ in Dublin, while the large-scale scraping of user data recalls a similar incident at Meta’s Facebook, for which it was fined €265 million by the Irish authority last month.
Twitter did not immediately respond to a request for comment.
Discussion about this post