Ireland’s privacy watchdog has asked Twitter to provide information about a data scraping incident that saw the profile details — including emails and phone numbers — of millions of Twitter users leaked online.
The Irish Data Protection Commission, in charge of overseeing Twitter’s operations in the European Union, sent a letter to Twitter seeking an explanation following reports about the breach, a spokesperson for the regulator told POLITICO.
“We’re now waiting for their response,” said Graham Doyle, who’s also deputy data protection commissioner.
Twitter confirmed back in August that hackers had exploited a vulnerability in its system — since fixed — to obtain Twitter profiles linked to phone numbers and emails, and vice versa.
While Twitter did not confirm the number of accounts affected, media reports citing hackers said that the profile details, including email addresses and phone numbers, of 5.4 million users had been shared for free on a hacker forum as recently as November 24. According to website bleepingcomputer.com, a second dump of Twitter profile accounts, exploiting the same vulnerability, had exposed the details of millions more users.
The Dublin-based regulator said it was seeking information on reports of both incidents.
The large-scale scraping of user data recalls a similar incident at Meta’s Facebook, for which it was fined €265 million by the Data Protection Commission last week.
Dublin already has two open investigations into Twitter that predate Elon Musk’s arrival as the company’s CEO. Irish Data Protection Commissioner Helen Dixon told POLITICO last month that her office would be “probing” the company’s directors about the ongoing probes, including one in its final stages.
Twitter did not respond to a request for comment.
