On a famous hacker site, a data dump that is said to contain the email addresses of more than 200 million Twitter users was recently offered for sale at a price of approximately $2, BleepingComputer reports. BleepingComputer was able to verify the authenticity of a significant number of the email addresses included in the breach.
According to BleepingComputer, the publicly accessible dataset contains 59 GB of data about Twitter users. Unlike the earlier Twitter leak announced in late December, the latest leaked dataset is completely open to the public, and anyone can download it.
Since July 22nd, 2022, numerous online hacker forums have been selling and disseminating sizable data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data.
These data sets were created in 2021 by exploiting a vulnerability in the Twitter API that allowed users to submit email addresses and phone numbers to check whether or not they were associated with a Twitter ID.
The threat actors then scraped the public Twitter data for that ID using another API and combined it with the private email addresses and phone numbers to create profiles of Twitter users.
Although Twitter patched this vulnerability in January 2022, various threat actors have only recently started making the data sets they gathered more than a year ago publicly available for free.
In July, a data collection containing information on 5.4 million people was offered for sale at a price of $30,000; however, it was eventually made available for free on November 27th, 2022. In November, there were rumors circulating privately about another data dump that supposedly contained the personal information of 17 million people.
Hacker Offers Elon Musk a Deal After Stealing 400 Million Twitter Accounts
A threat actor began offering a data set in late December 2022, claiming that it comprised 400 million Twitter profiles that had been obtained by exploiting this vulnerability.
Twitter handles, usernames, email addresses, and phone numbers were all part of the dataset that was made public in December. The database that is now accessible to the public contains the same kind of information. It is possible that threat actors used the prior breach to compile a thorough database, deleted duplicates, and ended up with a database that was smaller but more accurate.
Because Twitter is believed to have more than 320 million users, the publicly published database most likely makes it possible to match Twitter handles with the user names and email addresses of the vast majority of the social network’s users.
Security experts believe that users are becoming accustomed to their data being leaked left and right and are unlikely to be surprised by the Twitter leak. In the meantime, data protection watchdogs will be keeping a close watch on Twitter run by Elon Musk. After the breach that occurred the previous week, Ireland’s Data Protection Commission (DPC) stated that it “will examine Twitter’s compliance with data protection law in relation to that security issue.”
Researchers have already reported that important personalities’ Twitter accounts were hacked when cybercriminals posted an ad on Twitter advertising the sale of user data. It seems highly unlikely that the hacking and subsequent deletion of the Twitter account belonging to British media star Piers Morgan was a random occurrence.
It is important to keep in mind that, in addition to the data breach that occurred on Twitter, millions of users had their information compromised on Facebook, LinkedIn, and other platforms as recently as a few weeks ago.
Because of this, the data protection authorities in Ireland levied a fine of $277 million against Meta, the parent company of Facebook, for revealing the personal information of millions of users.
It is also worth mentioning that, according to Cyber News, European regulators have previously fined Twitter for revealing the personal information of 5.4 million users in July.
In light of the recent string of hacking incidents, Twitter users should be on the lookout for targeted phishing attacks that may attempt to steal their passwords or other personal information.