Data Leak Exposes Email Addresses of Over 200 Million Twitter Users

Vlad CONSTANTINESCU

January 05, 2023

A massive data leak, allegedly comprising the email addresses of over 200 million Twitter users, has been published on a popular hacking forum, where access is offered for a mere $2 in forum credits.

Security experts have confirmed the legitimacy of several email addresses exposed by the leak.

A security incident in 2021 involving the exploitation of a Twitter API vulnerability allowed users to check if phone numbers and email addresses were associated with Twitter accounts by simply inputting them. Threat actors used the flaw to generate data sets from the exposed credential combinations.

Since then, various actors have attempted to sell data sets that resulted from the exploited Twitter API vulnerability. In July 2022, a data broker uploaded to a hacking forum a database with the stolen info of 5.4 million Twitter users.

Although Twitter fixed the vulnerability in January 2022, perpetrators who managed to scrape enough information have now started to leak it.

Yesterday, a member of the notorious Breached hacking forum published a dataset holding north of 200 million Twitter profiles in exchange for eight forum credits valued at approximately $2, or a penny per 1,000 profiles.

A similar data set circulated in November last year, leading researchers to believe the new leak is merely a cleaned-up, duplicate-free version. The “original” leak comprised the data of approximately 400 million Twitter profiles; upon closer inspection, researchers discovered many of the entries were, in fact, duplicates.

The leak contains only email addresses and phone numbers associated with Twitter accounts, which could lull even affected users into a false sense of security. However, perpetrators could use the newly exposed data in various malicious scenarios even without matching passwords, such as:

  • Phishing campaigns
  • Crypto scams
  • Doxxing – revealing the identity of anonymous Twitter users
  • Credential stuffing attacks (especially effective if the email address was leaked in previous data breaches)

Specialized software like Bitdefender Digital Identity Protection can keep your identity safe against data breaches. Key features include:

  • Comprehensive digital footprint overview that includes even traces from no-longer-used services
  • Public and Dark web monitoring tool that reports breaches that could compromise your personal data and identity
  • Simple, 1-click actions that help you address leaks and weak points in your digital footprint

Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
