Emails of 200 Million Twitter Users Leaked in Massive Data Breach
Email addresses of more than 200 million Twitter users have been leaked in one of the biggest data breaches and posted on an online hacking forum.
Security researcher Alon Gal, co-founder of Israeli cybersecurity monitoring firm Hudson Rock, who first posted about the leak on LinkedIn, termed it “one of the most significant leaks” he has seen.
Gal told the BBC that the breach “will, unfortunately, lead to a lot of hacking, targeted phishing and doxing.” Doxing is the publishing of someone’s personal information that can lead to his/her identification.
Elon Musk-owned Twitter didn’t respond to the BBC’s requests for comment about the breach.
According to the BBC, some forum users have expressed interest in the data, with one saying: “Thanks for your service, cannot wait for the chaos.”
Reuters reported that the identity or location of the hacker or hackers is not known and the breach might have occurred as early as 2021.
Initially, the claims about the number of users whose emails were stolen were as high as 400 million. The hacker, Ryushi, had demanded $200,000 from Twitter to hand over the data and delete it. Gal first posted about the breach on December 24. Screenshots of the hacker forum, where the data appeared on Wednesday, were circulated online.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Twitter didn’t respond to Reuters queries. The news agency could not independently verify the authenticity of the data on the forum.
Troy Hunt, creator of breach-notification site Have I Been Pwned and Microsoft regional director, tweeted: “Found 211,524,284 unique email addresses, looks to be pretty much what it’s been described as.”
Found 211,524,284 unique email addresses, looks to be pretty much what it’s been described as
— Troy Hunt (@troyhunt) January 5, 2023
Tech news website Bleeping Computer has downloaded the data and confirmed that the email addresses were correct but also found duplicate data. Another researcher said that the number of unique email addresses was still more than 100 million.
“The full dataset has obviously not been confirmed. The dataset is far from complete as there were many users who were not found in the leak,” Bleeping Computer said.
Security experts believe the hacker(s) may have used a so-called scraping attack, in which an application programming interface (API), a piece of software linked to Twitter, is tricked into revealing hidden details about accounts.
The scraping attack was used to steal emails and phone numbers in November 2021. Twitter claimed to have fixed it in January 2022.