Data Leak Exposes Email Addresses of Over 200 Million Twitter Users
January 05, 2023
A massive data leak, allegedly comprising the email addresses of over 200 million Twitter users, has been published on a popular hacking forum, and is offering access for a mere $2 in forum credits.
Security experts have confirmed the legitimacy of several email addresses exposed by the leak.
A security incident in 2021 involving the exploitation of a Twitter API vulnerability allowed users to check if phone numbers and email addresses were associated with Twitter accounts by simply inputting them. Threat actors used the flaw to generate data sets from the exposed credential combinations.
Since then, various actors have attempted to sell data sets that resulted from the exploited Twitter API vulnerability. In July 2022, a data broker uploaded to a hacking forum a database with the stolen info of 5.4 million Twitter users.
Although Twitter fixed the vulnerability in January 2022, perpetrators who managed to scrape enough information have now started to leak it.
Yesterday, a member of the notorious Breached hacking forum published a dataset holding north of 200 million Twitter profiles in exchange for eight forum credits valued at approximately $2, or a penny per 1,000 profiles.
A similar data set circulated in November last year, leading researchers to believe the new leak is merely a cleaned-up, duplicate-free version. The “original” leak comprised the data of approximately 400 million Twitter profiles; upon closer inspection, researchers discovered many of the entries were, in fact, duplicates.
The leak only contains email addresses and phone numbers associated with Twitter accounts, but this could lead even affected users towards a false sense of security. On the other hand, perpetrators could use the newly exposed data in various malicious scenarios even without matching passwords, such as:
- Phishing campaigns
- Crypto scams
- Doxxing – revealing the identity of anonymous Twitter users
- Credential stuffing attacks (especially effective if the email address was leaked in previous data breaches)
Specialized software like Bitdefender Digital Identity Protection can keep your identity safe against data breaches. Key features include:
- Comprehensive digital footprint overview that includes even traces from no-longer-used services
- Public and Dark web monitoring tool that reports breaches that could compromise your personal data and identity
- Simple, 1-click actions that help you address leaks and weak points in your digital footprint
tags
Author
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsRight now Top posts
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
April 01, 2024
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
November 28, 2023
3 in 5 travel-themed spam emails are scams, Bitdefender Antispam Lab warns
August 10, 2023
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
