A well-known hacker site allegedly dumped a database containing the email addresses of over 235 million Twitter users, and the data is being sold for roughly $200,000. According to a cyber intelligence company, this data leak has the potential to rank among the greatest ever discovered for the social media platform.
Threat actors and data breach hunters have been selling and disseminating sizable data sets of scraped Twitter user profiles since July 22nd, 2022, encompassing both private (such as phone numbers and email addresses) and public data.
Exploiting The Vulnerability On Twitter API
These data sets were created in 2021 by exploiting a weakness in the Twitter API that allowed users to enter email addresses and phone numbers to see if they were connected to a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID, combining it with private email addresses and phone numbers to create profiles of Twitter users.
Even though Twitter addressed this issue in January 2022, threat actors have only recently started to share for free the data sets they were able to get over a year ago. The first collection, with data on 5.4 million users, was put up for sale in July for $30,000. On November 27, 2022, it became entirely free. In November, a second data dump that allegedly contained details on 17 million people was also quietly making its way around.
More recently, a threat actor started selling a data dump with what they claimed to be 400 million Twitter profiles gathered using this vulnerability.
Previous Twitter Data Dump
Threat actors compiled enormous lists of email addresses and phone numbers that had previously been compromised in data breaches in 2021. The scrapers then fed these lists into the API bug to determine whether a given phone number or email address had a corresponding Twitter ID.
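Added example (not from the original article or from Twitter): a defender-side check for the lookup pattern described above, where one client submits many different email addresses or phone numbers to learn which ones map to an account. The log format, client names, thresholds and function names are assumptions made for illustration, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: tune to real traffic
MAX_DISTINCT = 5                # assumption: distinct identifiers allowed per window

def parse(line):
    """Parse 'ISO-timestamp client_id identifier_hash result' (hypothetical format).
    identifier_hash is a keyed hash of the submitted email or phone number,
    so the log itself holds no raw contact data."""
    ts, client, ident, result = line.split()
    return datetime.fromisoformat(ts), client, ident, result

def find_enumerators(lines, window=WINDOW, max_distinct=MAX_DISTINCT):
    """Return {client: (peak distinct identifiers in any window,
    number of lookups that confirmed an account)} for clients over the limit."""
    recent = defaultdict(deque)   # client -> (timestamp, identifier) inside the window
    peak = defaultdict(int)
    confirmed = defaultdict(int)
    for ts, client, ident, result in sorted(map(parse, lines)):
        confirmed[client] += result == "found"
        q = recent[client]
        q.append((ts, ident))
        while ts - q[0][0] > window:   # drop lookups older than the window
            q.popleft()
        peak[client] = max(peak[client], len({i for _, i in q}))
    return {c: (p, confirmed[c]) for c, p in peak.items() if p > max_distinct}

def sample_log():
    """Constructed log lines: one bulk checker, one retrying user, one slow client."""
    base = datetime(2022, 1, 1, 12, 0, 0)
    lines = []
    for n in range(8):   # app-17: 8 different identifiers in 8 minutes
        result = "found" if n % 3 == 0 else "not_found"
        lines.append(f"{(base + timedelta(minutes=n)).isoformat()} app-17 h{n:03d} {result}")
    for n in range(3):   # app-02: the same identifier retried
        lines.append(f"{(base + timedelta(minutes=n)).isoformat()} app-02 h900 found")
    for n in range(6):   # app-05: 6 identifiers, one every 20 minutes
        lines.append(f"{(base + timedelta(minutes=20 * n)).isoformat()} app-05 h8{n:02d} not_found")
    return lines

if __name__ == "__main__":
    for client, (distinct, hits) in find_enumerators(sample_log()).items():
        print(f"{client}: {distinct} distinct identifiers in window, {hits} accounts confirmed")
```

The second value in each result counts how many identifier-to-account matches that client has already learned, which is the figure that matters when scoping notification after such a bug is found.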
The attack, the second in less than a month, is the most recent in a succession of cybersecurity issues the microblogging site has had in the previous year. If confirmed by Twitter, this would rank among the top 15 most significant data breaches to date in the rankings of cybersecurity firm UpGuard.
However, it won’t be as bad as the hack Twitter experienced in 2018, which was caused by a password issue and exposed the accounts of roughly 330 million users. Twitter announced in August that a software flaw in July had allowed the information of roughly 5.4 million of its users to be exposed.
When the hack occurred, “someone was able to insert a phone number or email address into the log-in flow in an attempt to detect if that information was tied to an existing Twitter account, and if so, which specific account,” the company said at the time. It also exacerbates the persistent problems at the San Francisco-based business, which has had a turbulent time under Mr. Musk’s brief ownership after he acquired it for $44 billion last year.
Elon Musk Controversial Reign Since Inception
Elon Musk’s ownership of Twitter has been marred by controversy. The decisions Mr. Musk made during his time as CEO of Twitter were contentious, he frequently changed his mind, and he fired key executives as well as over half of the company’s workers. Meanwhile, technology firms have become a favorite target of hackers due to their extensive user data resources that they can illegally sell on the dark web.
Major companies in the sector, like Yahoo, LinkedIn, and Facebook, have all suffered losses in the past. According to IBM’s most recent yearly survey, the cost of a data breach rose from $3.86 million in 2020 to an estimated $4.24 million in 2021. Up until IBM’s 2022 update, which revealed that overall breach expenses were now at $4.35 million, that was the largest sum in the 17-year history of the study.
Elon Musk had tried to avoid purchasing the firm by using Zatko’s testimony regarding subpar security procedures, but he has subsequently let go of several of its security personnel.
Tips For Keeping Safe On Social Media Platforms
Using social networking sites like Facebook, Twitter, and Instagram to remain in touch with loved ones is a terrific idea, but keep in mind that identity thieves and cybercriminals also frequent these sites. The following are a few tips for keeping safe on different social media platforms.
- Limit privacy options
Verify that your social media account’s privacy settings have your phone number and email addresses set to private.
- Text messaging can be used to stop unauthorized logins.
There was a time when it made sense to keep your phone number off of your social media pages, but that choice should be reconsidered now.
- Maintain Secrecy Regarding Your Location
Avoid disclosing your address because doing so may encourage burglars to target your house. Additionally, use caution when publicizing when you will be gone for a lengthy amount of time because potential burglars may target your empty home.
- Steer clear of (and report) repeated friend requests.
Check your friends list again before accepting an offer to connect with someone you know but who you believe was already a friend or follower. The sender’s account has probably been hacked if they are already on your list of known senders.
- Avoid using social logins to access third-party websites.
You may register on many third-party websites using your Facebook, Google, or Twitter credentials rather than creating new usernames and passwords.
- Stay away from games and quizzes that ask for access to the profile.
“Fun” quizzes that claim to find your ideal partner, put together a team for a bank heist, or assess your local devotion are frequently nothing more than information-stealing schemes.
- Take Care When Handling Passwords
Avoid saving passwords in your browser because if your phone or laptop is stolen, they could give thieves access to your email, social media accounts, and shopping sites, all of which likely contain a wealth of personal information that identity thieves could use.
Verified accounts with large followings are highly prized because they are frequently used in internet scams to steal cryptocurrency. Additionally, this disclosure raises serious privacy concerns, particularly for anonymous Twitter users. It might be feasible to identify anonymous Twitter users using this leak and reveal their real identities. The aim of targeted phishing scams is to steal your passwords or other sensitive information, so all Twitter users should be on the lookout for them.
In what is arguably one of the biggest data breaches to befall Twitter, an online hacking site has disclosed details of about 235 million Twitter accounts. Users’ names, email addresses, screen names, the number of followers they have, the dates that their accounts were created, as well as some phone numbers are all included in the data dump.