A Twitter database containing the information of about 235 million users has recently been leaked on an online hacker forum.
According to Cybernews, the leak contains about 63GB of data, which includes users' names, email addresses, Twitter handles, follower count, and account creation dates. The database is even publicly available, allowing anyone to download it.
Alon Gal, the co-founder of the Israeli security company Hudson Rock, believes that hackers will exploit the freshly leaked Twitter database to target crypto accounts, hack into high-profile and political accounts, infiltrate accounts with good usernames, and dox accounts that didn't use a dedicated email for Twitter. "It goes without saying that agencies around the world will use this database as well to further harm our privacy," he said.
Twitter database leaks for free with 235,000,000 records.
The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.
This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ
— Hudson Rock (@RockHudsonRock) January 4, 2023
According to The Washington Post, the records were likely compiled in late 2021 using a Twitter vulnerability that allowed outsiders who got a hold of an email address or phone number to find any account matching that information on Twitter. These lookups could be automated to check an unlimited number of phone numbers and email addresses.
Twitter said in August last year that it learned of the flaw in January 2022 through its reward program for bug reports and that the vulnerability had been mistakenly introduced in a code update many months prior. The flaw was later taken advantage of by hackers who were spotted selling Twitter account handles and associated emails and phone numbers.
The new leak also appears to be related to a cybercrime group that obtained the data of about 400 million Twitter users in early December and demanded $200,000 to delete the files. Ireland’s Data Protection Commission announced that it was investigating the earlier breach, adding that the General Data Protection Regulation might have been violated.
Twitter has not yet commented on the matter.
Source: Cybernews, The Washington Post