December 23, 2022 10:06 AM
Source: DALL-E
The Irish Data Protection Commission (DPC) has launched an inquiry regarding a massive Twitter data leak following last month's news reports that non-public information belonging to over 5.4 million Twitter user records has been leaked on a hacking forum.
This data was stolen by exploiting an API vulnerability Twitted fixed in January and consists of scraped public info as well as private phone numbers and email addresses.
"The DPC corresponded with Twitter International Unlimited Company ('TIC') in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance," the Irish privacy regulator said on Friday.
"The DPC, having considered the information provided by TIC regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users' personal data."
Twitter's lead EU watchdog wants to determine if Twitter has complied with its obligation as a data controller regarding the processing of users' data and if it infringed any General Data Protection Regulation (EU GDPR) or Data Protection Act 2018 provisions.
The privacy watchdog fined Twitter €450,000 (~$550,000) two years ago for failing to notify the DPC of a breach within the 72-hour timeframe imposed by the GDPR and to adequately document it.
Meta was also fined €265 million ($275.5 million) by the DPC in November for a massive 2021 Facebook data leak exposing the personal info of hundreds of million users worldwide.
The Facebook user data was also shared on a well-known hacking forum at the time, allowing threat actors to use it in targeted attacks.
