 |
| The email addresses of 200 million Twitter users have been leaked online |
A hacker is offering the allegedly compromised email addresses of more than 200 million Twitter users for $2 on a popular hacking forum.
Since July last year, hackers have released a large data set of Twitter user profiles extracted from the website, which contains private data such as phone numbers and email addresses, as well as public data such as usernames, registration data, and for sale on various forums, hacking marketplaces. and electronic crimes.
The records were created in 2021 by exploiting a vulnerability in the Twitter API that allowed users to enter email addresses and phone numbers to confirm whether they were indeed associated with a Twitter ID.
The hackers then used another API to extract Twitter's public metadata and combine this public data with private email addresses and phone numbers to create Twitter user profiles.
Although the vulnerability will be patched in January 2022, several hackers have recently begun giving away data sets they collected over a year ago for free.
The first record, which has about 5.4 million users, sold for $30,000 last July and was made available for free on November 27. In November, another dataset was released in particular, which allegedly contained data from around 17 million users.
Recently, a hacker released a dataset that he claimed contained 400 million Twitter profiles that he had collected using the vulnerability.
Now a hacker has posted a record 200 million Twitter profiles on the hacked forum in exchange for 8 points in the forum currency, or about $2.
He claimed the dataset was the same as what was exchanged with 400 million profiles last November, but cleaned to remove duplicates, bringing the total number of rows down to about 221,608,279 rows. However, BleepingComputer tests have confirmed that there are duplicate rows in this group, as well as correct data for many accounts in the leak.
The data was exported as an archive (RAR) containing 6 text files totaling 59 GB of data. Each row in the file represents a Twitter user and their information, including email address, name, display name, number of followers, and the date the account was created.
It should be noted that the risk of this data being leaked is that hackers use email addresses to launch phishing attacks on accounts, especially verified accounts with a large number of subscribers.
This leak is also a major privacy issue, especially for Twitter users who tweet anonymously. Thanks to this leak, it is possible to identify anonymous Twitter users and reveal their true identity.
All Twitter users are advised to beware of targeted phishing scams that attempt to steal their passwords or other sensitive information.