The Twitter database, containing about 235 million user data, has been exposed on a popular online hacker forum.
The Twitter database, containing about 235 million user data, has been exposed on a popular online hacker forum. This is one of the most significant data leaks yet recorded, said a cyber intelligence company.
The database was reportedly 63GB, and data contains user names, email addresses, screen names, the number of followers and the date of creation of accounts and phone numbers.
Since July 22nd, 2022, threat actors have been selling and circulating large data sets of Twitter user profiles containing private and public data on various online hacker forums.
These datasets were created in 2021 by exploiting Twitter API vulnerability, allowing users to input an email address and phone number to confirm whether they were associated with a Twitter ID.
Attackers used another API to scrap public Twitter data for the ID and combined public data with private phone numbers/email addresses to create profiles of Twitter users. Twitter fixed this flaw in January 2022, as multiple hackers recently began leaking data they collected for free over a year ago.
However, further investigation suggests the latest leak appears to be the same as the breach in December 2022, where a hacker called Ryushi leaked data from 400 million accounts on the dark web. The latest instance of 200 million accounts are remnants of the previous hack but cleaned up to not contain duplicates.
The forum post also included data from celebrities, corporations, journalists, politicians and government agencies. Those included the likes of Alexandria Ocasio-Cortez, Shawn Mendes, WHO and Piers Morgan, and Ronald Trump junior.
Instead of being listed for sale at $200,000 in December, the data is now available for free download, Reported private affairs.
The disclosure of unique records will lead to a lot of hacking, targeted phishing and doxing. The exposed data only contains email addresses, and it could use to conduct phishing attacks against accounts, especially verified ones. Attackers often use verified accounts with large followers to steal cryptocurrency through online scams.
This breach is also a privacy concern for users who tweet anonymously because this leak may be possible to identify anonymous users' real identities.
This breach is the latest in a string of cybersecurity problems the microblogging platforms have faced in the past year and the second in less than a month. However, it will not exceed the breach that Twitter suffered in 2018, which formed from a password bug, that exposed the account details of 330 million users.
The hacker warned Twitter that if they didn't buy the data before it was sold, users would "loss trust in you". Threat actors also blamed Twitter directly for the hack, saying, "at the end of the day, it's the company's fault this data was breached".
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?