A database allegedly containing the email addresses of over 235 million Twitter users was dumped on a well-known hacking site and is being offered for roughly $200,000. According to a cyber intelligence company, this leak has the potential to rank among the largest ever discovered for the social media platform.
Since July 22nd, 2022, threat actors and data breach hunters have been selling and circulating sizable data sets of scraped Twitter user profiles, encompassing both private data (such as phone numbers and email addresses) and public data.
Exploiting The Vulnerability On Twitter API
These data sets were created in 2021 by exploiting a weakness in the Twitter API that let anyone submit an email address or phone number and learn whether it was connected to a Twitter ID. The threat actors then used another API to scrape the public Twitter data for that ID, combining it with the private email addresses and phone numbers to build profiles of Twitter users.
Even though Twitter addressed this issue in January 2022, threat actors have only recently begun sharing, for free, the data sets they obtained over a year ago. The first collection, covering 5.4 million users, was put up for sale in July for $30,000. On November 27, 2022, it was released entirely free of charge. In November, a second data dump that allegedly contained details on 17 million people was also quietly making its way around.
More recently, a threat actor began selling a data dump with what they claimed to be 400 million Twitter profiles gathered using this vulnerability.
Previous Twitter Data Dump
In 2021, threat actors compiled enormous lists of email addresses and phone numbers that had already been exposed in earlier data breaches. Scrapers then fed these lists to the buggy API to determine whether each phone number or email address had a corresponding Twitter ID.
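To make the mechanism described above concrete, here is an added Python illustration (not Twitter's code; the contact directory, caller names and log lines are constructed): a lookup that acts as an account oracle beside a hardened version with uniform responses and a per-caller quota, plus a simple check that flags callers probing many distinct identifiers, which is how a breach list fed to such an endpoint would look in access logs.

```python
from collections import defaultdict

# Constructed sample directory of contact -> account ID; not real accounts.
ACCOUNTS = {"alice@example.com": 1001, "+15550100": 1002}

def lookup_vulnerable(identifier: str):
    """Oracle-style behaviour: the reply differs for known and unknown
    contacts, so anyone can test a breach list against it."""
    return ACCOUNTS.get(identifier)

class HardenedLookup:
    """Same feature without the oracle: callers must be authenticated,
    each gets a small quota, and the reply never depends on the match."""

    def __init__(self, quota: int = 20):
        self.quota = quota
        self.used = defaultdict(int)

    def lookup(self, caller: str, identifier: str) -> dict:
        if caller == "anonymous":
            return {"status": "auth_required"}
        self.used[caller] += 1
        if self.used[caller] > self.quota:
            return {"status": "rate_limited"}
        # Match server-side (e.g. to queue a contact suggestion) but do not
        # echo the result, so known and unknown contacts look identical.
        _ = ACCOUNTS.get(identifier)
        return {"status": "accepted"}

def flag_enumeration(log_lines, threshold: int = 5):
    """Detection: count distinct identifiers probed per caller in lines of
    the form '<caller> <identifier>' and return callers at/above threshold."""
    probes = defaultdict(set)
    for line in log_lines:
        caller, identifier = line.split()
        probes[caller].add(identifier)
    return sorted(c for c, ids in probes.items() if len(ids) >= threshold)

# Constructed access log: one caller probing a breach list, one normal user.
SAMPLE_LOG = [f"scraper cand{i}@example.com" for i in range(6)] + [
    "bob alice@example.com",
]

if __name__ == "__main__":
    print(lookup_vulnerable("alice@example.com"), lookup_vulnerable("x@y"))
    h = HardenedLookup()
    print(h.lookup("bob", "alice@example.com"), h.lookup("bob", "x@y"))
    print(flag_enumeration(SAMPLE_LOG))
```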
The attack, the second in less than a month, is the latest in a succession of cybersecurity issues the microblogging site has had in the past year. If confirmed by Twitter, it would rank among the top 15 most significant data breaches to date in the rankings kept by cybersecurity firm UpGuard.
However, it won’t be as bad as the hack Twitter experienced in 2018, which was caused by a password issue and exposed the accounts of roughly 330 million users. Twitter announced in August that a software flaw in July had allowed the information of roughly 5.4 million of its users to be exposed.
When the hack occurred, “someone was able to insert a phone number or email address into the log-in flow in an attempt to detect if that information was tied to an existing Twitter account, and if so, which specific account,” the company said at the time. It also exacerbates the persistent problems at the San Francisco-based business, which has had a turbulent time under Mr. Musk’s brief ownership after he acquired it for $44 billion last year.
BREAKING: Hudson Rock discovered a credible threat actor is selling 400,000,000 Twitter users data.
The private database contains devastating amounts of information including emails and phone numbers of high profile users such as AOC, Kevin O'Leary, Vitalik Buterin & more (1/2). pic.twitter.com/wQU5LLQeE1
— Hudson Rock (@RockHudsonRock) December 24, 2022
Elon Musk’s Controversial Reign Since Inception
Elon Musk’s ownership of Twitter has been marred by controversy. The decisions Mr. Musk made as CEO of Twitter were contentious: he frequently changed his mind, and he fired key executives as well as over half of the company’s workers. Meanwhile, technology firms have become a favorite target of hackers because of the extensive stores of user data they hold, which attackers can illegally sell on the dark web.
Major companies in the sector, like Yahoo, LinkedIn, and Facebook, have all suffered breaches in the past. According to IBM’s most recent yearly survey, the average cost of a data breach rose from $3.86 million in 2020 to an estimated $4.24 million in 2021. That was the largest sum in the 17-year history of the study until IBM’s 2022 update, which put overall breach costs at $4.35 million.
Elon Musk had tried to avoid purchasing the firm by citing the testimony of former Twitter security chief Peiter Zatko regarding subpar security practices, but he has since let go of several of its security personnel.
Tips For Keeping Safe On Social Media Platforms
Using social networking sites like Facebook, Twitter, and Instagram to stay in touch with loved ones is a great idea, but keep in mind that identity thieves and cybercriminals also frequent these sites. The following are a few tips for staying safe on social media platforms.
- Limit privacy options
Verify that your social media account’s privacy settings have your phone number and email addresses set to private.
- Use text messaging to stop unauthorized logins.
There was a time when it made sense to keep your phone number off your social media accounts, but with login verification by text message available, that choice should be reconsidered.
- Maintain Secrecy Regarding Your Location
Avoid disclosing your home address, because doing so may encourage burglars to target your house. Likewise, be careful about announcing that you will be away for a lengthy period, since potential burglars may target your empty home.
- Steer clear of (and report) repeated friend requests.
If you receive a friend request from someone you believe is already a friend or follower, check your friends list before accepting. If they are already on it, the request most likely comes from a cloned or compromised account.
- Avoid using social logins to access third-party websites.
Many third-party websites let you register with your Facebook, Google, or Twitter credentials instead of creating a new username and password, but doing so links those accounts together, so a compromise of one of them can expose the others.
- Stay away from games and quizzes that ask for access to the profile.
“Fun” quizzes that claim to find your ideal partner, put together your team for a bank heist, or measure your devotion to a cause are frequently nothing more than information-stealing schemes.
- Take Care When Handling Passwords
Avoid saving passwords in your browser. If your phone or laptop is stolen, stored passwords could give thieves access to your email, social media accounts, and shopping sites, all of which likely contain a wealth of personal information that identity thieves could exploit.
Verified accounts with large followings are highly prized because they are frequently used in internet scams to steal cryptocurrency. This disclosure also raises serious privacy concerns, particularly for anonymous Twitter users: it may be feasible to use this leak to identify anonymous accounts and reveal their owners’ real identities. Targeted phishing scams aim to steal passwords or other sensitive information, so all Twitter users should be on the lookout for them.
Conclusion
In what is arguably one of the biggest data breaches to befall Twitter, an online hacking site has disclosed details of about 235 million Twitter accounts. Users’ names, email addresses, screen names, the number of followers they have, the dates that their accounts were created, as well as some phone numbers are all included in the data dump.
“Something as simple as a misconfiguration or, in this case, an API vulnerability can trigger data exposure affecting millions of people. Twitter actually fixed the API vulnerability, which allowed anyone to find accounts associated with any phone number or email address, in January 2022, six months after it was discovered. But by then it was too late. One way to stop such incidents is to stop depending solely on traditional protection methods such as passwords, border security, and simple data access management. Data-centric security, which focuses on protecting the data itself, can go a long way toward eliminating the risk inherent in incidents such as this one. By tokenizing sensitive data elements, data is made incomprehensible and cannot be leveraged by the wrong person, and yet tokenization and format-preserving encryption can still retain data format so corporate workflows can still work with that data without modification to enterprise applications.”
“The biggest threat here is the fact that email addresses used to run individual Twitter accounts can be linked to their owners which, in the case of high-profile, public figures can be problematic or even dangerous if those individuals have been Tweeting anonymously from places where the State may not approve of their opinions. Even in safer jurisdictions accounts can appear ‘hacked’ or be targeted. The most obvious course of action for public-facing users (celebrities, politicians, etc.) is to use third-party Social Media management with dedicated email addresses which are not linked to any personal internet activities. It might be a pain to set this up and a re-set could cost them followers to begin with, but it’s pretty obvious that taking responsibility for your own information security is the only option these days.”
“Our research shows the average UK business experiences 44 cyberattacks per year, and two of them are successful. Data breaches from cyberattacks have devastating impacts to any business’ operations, finances and reputation, but customers are the ones who often experience the most painful damaging downstream effects.
Consumers must be aware that cyberattacks put their data at risk. To protect themselves, everyone should utilize strong and unique passwords for all of their online accounts. This will limit sprawl if their information is stolen and posted to the dark web. They should change their passwords immediately if they discover their information has been compromised in a breach and should always enable strong forms of two-factor authentication, such as an authenticator app, which provides a second layer of protection. A password manager is a critical tool to create high-strength random passwords for every website, application and system.
These users should be on high alert for phishing attacks that use their leaked information. If a message looks suspicious, avoid clicking any links or responding. The key is to ensure the URL of the destination website matches the authentic website. When a password manager is used, it automatically identifies when a site’s URL doesn’t match what’s contained in the user’s vault, which provides a critical extra layer of security.
Finally, a dark web monitoring tool such as BreachWatch will alert individuals if their data is available online, so they can take immediate action to protect themselves.”
“Twitter continues to be a target with threat actors looking to cause as much damage as possible. With Elon Musk publicly shedding staff including in the security department, a target has been painted on the company’s back, effectively asking for trouble. Although only email addresses and phone numbers were scraped, clever cybercriminals can still cause a lot of damage with this information and target those on the lists with follow-up phishing scams or attempt to hijack people’s accounts even with two-factor authentication enabled.
Human hacking is increasing in sophistication, such as targeting phone providers in SIM swap attacks, meaning users can lose access to their phone numbers and the one-time passcodes for their accounts as well. This will automatically give full access to a bad actor to use the platform as they wish. Cryptocurrency scams are commonly Tweeted about from compromised accounts, but the possibilities are endless. It is far stronger protection to use an authenticator app or physical security key to gain access and steer away from links in unsolicited emails.”
“API security is the real story here. As cloud-native app development explodes, so does the world of refactoring monolithic apps into hundreds and thousands of APIs and microservices. Certainly, this effort is growing much faster than the skills and numbers of application architects who can craft working secure API and zero trust architectures. It’s also growing faster than the time there is available to do threat modelling and skilled security testing. In this case, the lapse in API security resulted in email addresses tied to Twitter accounts and it seems the marketplace has spoken on the value of that data–next to nothing.”