A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analyzed it and confirmed the authenticity of many of the entries in the huge leaked archive.
At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.
In January, a report published on Hacker claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options.
The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data. Then the scraped data were offered on various online cybercrime marketplaces.
In August, Twitter confirmed that the data breach was caused by the now-patched zero-day flaw submitted by the researcher zhirinovskiy via bug bounty platform HackerOne and that he received a $5,040 bounty.
In November, data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches were available online.
In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it.
The seller claimed the database is private, he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of OG and special usernames.
Now, a threat actor published an archive containing the data of 235,000,000 users on Breach Forums that can be downloaded for eight credits.
The database is a cleaned version of the one published in December.
BleepingComputer reported that unlike previously leaked data collected using this Twitter API flaw, this data leak does not indicate whether an account is verified.
Experts warn that the leaked data can be used by threat actors to target the users of the platforms.
“Hackers will use the new leaked database in order to :
1. Target Crypto Twitter accounts (.eth in name or other methods)
2. Hack into high profile accounts (follower count or otherwise)
3. Hack into “OG” accounts with good usernames
4. Hack into political accounts
5. Doxx “anonymous” accounts that didn’t use a dedicated email for Twitter
It goes without saying that agencies around the world will use this database as well to further harm our privacy.” reported Alon Gal, founder of Hudson Rock.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, data leak)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.