A renowned hacker site has revealed a data leak containing the email addresses of 235 million Twitter users. Many specialists evaluated it right once and confirmed the authenticity of many of the entries in the massive, leaked archive.
A threat actor released data from 5.4 million Twitter accounts at the end of July after exploiting a now-fixed vulnerability in the popular social networking platform. In January, a Hacker report claimed the discovery of a vulnerability that can be used by an attacker to find a Twitter account using the linked phone number/email, even if the user has elected to avoid this in the privacy settings.
Multiple threat actors exploited the weakness to scrape Twitter user profiles comprising both private (phone numbers and email addresses) and public data. The scraped data was then sold on numerous internet cybercrime marketplaces.
Twitter stated in August that the data breach was caused by a now-patched zero-day flaw reported by researcher zhirinovskiy via bug bounty platform HackerOne, for which he got a $5,040 prize. Data from 5.4 million Twitter users stolen from several threat actors and aggregated with data from prior breaches became available online in November. Another Twitter data leak made headlines in December, when a threat actor stole data from 400,000,000 Twitter users and sought to sell it.
The seller claimed the database was private, and he gave a sample of 1,000 accounts as proof, which included the personal information of renowned users such as Donald Trump JR, Brian Krebs, and others. The seller, a member of a renowned data breach site, claimed the information was obtained through a vulnerability. The database contains the emails and phone numbers of celebrities, politicians, businesses, regular users, and a large number of OG and unique usernames.
On Breach Forums, a threat actor has now published an archive containing the data of 235,000,000 users, which can be downloaded for eight credits. According to BleepingComputer, unlike past data leaks resulting from this Twitter API weakness, this data leak does not disclose whether an account is verified.
Experts worry that the disclosed data might be utilised by threat actors to target platform users. "Hackers will use the newly disclosed database to:
- Identify Crypto Twitter accounts (.eth in name or other methods)
- Infiltrate high-profile accounts (follower count or otherwise)
- Use suitable usernames to hack into "OG" accounts.
- Hijack political accounts
- Doxx "anonymous" Twitter accounts that did not use a dedicated email address
Twitter database leaks for free with 235,000,000 records.
— Hudson Rock (@RockHudsonRock) January 4, 2023
The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.
This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ
Please do not enter any spam link in the comment box.