Over 200 Million Twitter Users’ Details Leaked on Hacker Forum
Records of 235 million Twitter accounts have been posted to an online hacking forum, exposing identities by enabling anonymous handles to be linked to email addresses and related real-world names.
According to security expert and Hudson Rock CTO Alon Gal, who had verified the data, the database was circulating heavily earlier in the week and has now been leaked.
“The database contains 235,000,000 unique records of Twitter users and their email addresses and will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing,” the cybersecurity expert wrote on LinkedIn. “This is one of the most significant leaks I’ve seen.”
The leaked data also reportedly included names, usernames, email addresses, follower counts and creation dates.
According to VMware’s product line marketing manager Ron Scott-Adams, however, the data is at least two years old and consists mainly of publicly available information (excluding email addresses).
Jamie Boote, associate principal consultant at Synopsys, told Infosecurity the data could have resulted from a web scraping job leveraging an old (and now fixed) Twitter bug.
“In 2021, people discovered that the Twitter API could be used to disclose email addresses that were provided from other sources and also leak some other semi-public info like tying a Twitter handle with that email address,” said Boote.
“Several groups then used leaked email dumps as seed material to start farming for handles that they could then [use to] gather other information such as follower counts, profile creation date, and other information available on a Twitter profile.”
The executive added that the issue was fixed last year, so the leak looks like someone “collected a bunch of these—plus combined with some new accounts—and tried to get [Elon] Musk to pay up for them.”
Boote said this is a typical example of how an unsecured API that developers design to “just work” can remain unsecured because when it comes to security, what is out of sight is often out of mind.
“Humans are terrible at securing what they can’t see. As always, malicious actors have your email address,” Boote added.
“To be safe, users should change their Twitter password and make sure it’s not reused for other sites. And from now on, it’s probably best to just delete any emails that look like they’re from Twitter to avoid phishing scams.”
The leak comes weeks after a separate breach affected over five million Twitter users in November 2022.