A massive data leak, allegedly comprising the email addresses of over 200 million Twitter users, has been published on a popular hacking forum, and is offering access for a mere $2 in forum credits.
Security experts have confirmed the legitimacy of several email addresses exposed by the leak.
A security incident in 2021 involving the exploitation of a Twitter API vulnerability allowed users to check if phone numbers and email addresses were associated with Twitter accounts by simply inputting them. Threat actors used the flaw to generate data sets from the exposed credential combinations.
Since then, various actors have attempted to sell data sets that resulted from the exploited Twitter API vulnerability. In July 2022, a data broker uploaded to a hacking forum a database with the stolen info of 5.4 million Twitter users.
Although Twitter fixed the vulnerability in January 2022, perpetrators who managed to scrape enough information have now started to leak it.
Yesterday, a member of the notorious Breached hacking forum published a dataset holding north of 200 million Twitter profiles in exchange for eight forum credits valued at approximately $2, or a penny per 1,000 profiles.
A similar data set circulated in November last year, leading researchers to believe the new leak is merely a cleaned-up, duplicate-free version. The “original” leak comprised the data of approximately 400 million Twitter profiles; upon closer inspection, researchers discovered many of the entries were, in fact, duplicates.
The leak only contains email addresses and phone numbers associated with Twitter accounts, but this could lead even affected users towards a false sense of security. On the other hand, perpetrators could use the newly exposed data in various malicious scenarios even without matching passwords, such as:
Specialized software like Bitdefender Digital Identity Protection can keep your identity safe against data breaches. Key features include:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 19, 2024
November 14, 2024