On the hacker forum, a dataset purportedly comprising the email addresses and phone numbers of more than 400 million Twitter users was listed for sale for about $2. On December 23, 2022, a hacker going under the name “Ryushi” published the dataset for the first time.
Alon Gal, the co-founder of the Israeli security company Hudson Rock, saw the ad on a well-known underground marketplace and remarked, “This database is going to be used by hackers, political hacktivists, and of course governments to harm our privacy even further”.
Hackers Used Data Scraping Technique
The hacker had claimed to have collected the data by utilizing a “data scraping technique” and a now-patched vulnerability in Twitter’s software in 2021.
Reports stated that threat actors and data breach hunters have been selling and distributing large data sets of scraped Twitter user profiles since July 22nd, 2022, encompassing both private (such as phone numbers and email addresses) and public data.
These data sets were built in 2021 by taking use of a flaw in the Twitter API that let users enter email addresses and phone numbers to check whether they were linked to a Twitter ID.
The threat actors then merged this public data with private email addresses and phone numbers to develop profiles of Twitter users by using another API to scrape the public Twitter data for the ID.
200 Million Twitter Users Email Published Online
On the Breached hacking forum, a threat actor sold a data set containing 200 million Twitter profiles for eight credits, which is roughly equal to $2.
This data set reportedly corresponds to the 400 million-line set that was in circulation in November but has been cleaned up to remove duplicates, bringing the total down to about 221,608,279 lines.
Also, the data was made available in a RAR archive with six text files totaling 59 GB in size.
As illustrated below, each line in the files corresponds to a Twitter user and their associated information, which includes email addresses, names, screen names, follow counts, and account creation dates.
Notably, your information may or may not be in this data set, depending on whether or not your email address was revealed in prior data breaches. Your email address wouldn’t have been added to this data collection if it was only used by Twitter or if it wasn’t frequently compromised.
Despite the fact that this data leak just includes email addresses threat actors may exploit it to launch phishing attacks on accounts, particularly verified ones.
This disclosure raises serious privacy concerns, particularly for anonymous Twitter users. It might be feasible to identify anonymous Twitter users using this leak and reveal their real identities.
The aim of targeted phishing scams is to steal your passwords or other sensitive information, so all Twitter users should be on the watch for these.
Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book