Over 200 Million Twitter Users' Emails Published on Popular Hacker Forum for $2
On the hacker forum, a dataset purportedly comprising the email addresses and phone numbers of more than 400 million Twitter users was listed for sale for roughly $2. On December 23, 2022, a hacker going by the name “Ryushi” published the dataset for the first time.
Alon Gal, the co-founder of the Israeli security company Hudson Rock, saw the advert on a well-known underground market and remarked, “This database is going to be used by hackers, political hacktivists, and of course governments to harm our privacy even further”.
Hackers Used Data Scraping Method
The hacker had claimed to have collected the data by using a “data scraping technique” and a now-patched vulnerability in Twitter’s software in 2021.
Reports stated that threat actors and data breach hunters have been selling and distributing large data sets of scraped Twitter user profiles since July 22nd, 2022, encompassing both private (such as phone numbers and email addresses) and public data.
These data sets were built in 2021 by taking advantage of a flaw in the Twitter API that let users enter email addresses and phone numbers to check whether they were linked to a Twitter ID.
The threat actors then used another API to scrape the public Twitter data for that ID, and merged this public data with the private email addresses and phone numbers to build profiles of Twitter users.
200 Million Twitter Users' Emails Published Online
On the Breached hacking forum, a threat actor sold a data set containing 200 million Twitter profiles for eight credits, which is roughly equal to $2.
This data set reportedly corresponds to the 400 million-line set that was in circulation in November but has been cleaned up to remove duplicates, bringing the total down to about 221,608,279 lines.
Additionally, the data was made available in a RAR archive with six text files totaling 59 GB in size.
Each line in the files corresponds to a Twitter user and their associated data, which includes email addresses, names, screen names, follower counts, and account creation dates.
Importantly, your data may or may not be in this data set, depending on whether your email address was exposed in prior data breaches. Your email address would not have been added to this data collection if it was only used for Twitter or if it was not frequently compromised.
Final Note
Although this data leak only includes email addresses, threat actors may exploit it to launch phishing attacks on accounts, particularly verified ones.
This disclosure raises serious privacy concerns, particularly for anonymous Twitter users. It may be possible to identify anonymous Twitter users using this leak and reveal their real identities.
The goal of targeted phishing scams is to steal your passwords or other sensitive information, so all Twitter users should be on the lookout for these.
Source credit : cybersecuritynews.com