Cyber Incident Victim: Twitter

In January 2024, a large-scale data breach was uncovered and subsequently referred to as the 'mother of all breaches'. The breach was identified when a database containing over twenty-six billion records was discovered. Among the records found in the database were entries associated with Twitter, as well as with Adobe, Canva, LinkedIn, and Dropbox. No organization immediately claimed responsibility for the compilation or exposure of the data.

The discovery added to a growing trend of massive credential and personal data collections reported in recent years. Earlier reports cited in the same source noted that approximately 4.5 billion records were exposed in the first half of 2018 and that a collection of 2.7 billion identity records, comprising 774 million unique email addresses and 21 million unique passwords, appeared for sale in 2019. The January 2024 incident contributed to the cumulative volume of exposed records tracked by breach monitoring efforts. The presence of Twitter data within the database indicated that Twitter user information was among the material that had been aggregated.

Because the source material does not specify the exact number of Twitter records involved, the precise scale of the Twitter-specific exposure remains unspecified. Similarly, no details are provided about how the Twitter data was obtained, what specific fields were included, or what actions Twitter took after the breach was identified. The lack of a claimed responsibility leaves the attribution of the breach to an unknown actor or group. Consequently, the public record of the incident reflects only the fact that Twitter records were part of the larger uncovered database and that no entity has asserted ownership of the breach.