- A Twitter database including 235 million users has been leaked on an online hacker forum.
- The data leaked has details like emails and phone numbers of many prominent companies and individuals.
- Twitter data can be utilized for unlawful social engineering as well as doxing.
A data leak with email addresses of 235 million Twitter users has been posted on a hacker forum. Upon analyzing it, a number of experts have assured the genuinity of several entries.
The leaked data has email addresses, usernames, followers count, screen names, phone numbers as well as the dates when the accounts were created.
The exposure of the database will result in hacking, doxing, and phishing attacks.
Twitter database leaks for free with 235,000,000 records.— Hudson Rock (@RockHudsonRock) January 4, 2023
The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.
This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ
The leak has been done by the same group that published an advertisement on the same online forum to sell the details of 400 million Twitter users in December. The information contained usernames, phone numbers, and email addresses.
Israel-based Hudson Rock has not revealed the name of the online forum that is behind the recent incident; however, it has been reported that a site named Breached is behind the December advertisement
Hudson has called it one of the major leaks. He added that it is not known whether any passwords are exposed. Moreover, there are chances that the data have been shared privately.
In July end, a bad actor exposed data of 5.4 million Twitter users by exploiting a vulnerability in the platform.
A report was posted on Hacker in January and mentioned discovering a vulnerability that can be misused by an attacker to discover a Twitter account via the connected email/phone number despite the user choosing to avoid this in the privacy options.
Multiple bad actors exploited the vulnerability with an intention to scrape profiles of Twitter users containing public and private data. The scraped data was then provided to several online cybercrime marketplaces.
Twitter, in August, confirmed that the breach happened owing to the now-patched zero-day issue submitted by zhirinovskiy, a researcher, through HackerOne and he got a $5,040 bounty.
In the month of November, data from 5.4 million Twitter users that was acquired from several threat actors and merged with data from various other breaches were available on the internet.
Coming back to the recent data leak, experts have warned that threat actors can utilize the leaked data to:
- Target accounts of Crypto Twitter
- Hack high profile accounts
- Hack political accounts
- Hack OG accounts with good usernames
- Dox “anonymous” accounts that lack an email for Twitter