Leaked Twitter data can now be found on numerous hacking forums including some prominent Russian-language ones.
The personal data of almost 209 million Tweet users, which includes email addresses, was scraped and stolen before being posted to an online hacking community. Hackread.com has revealed that the online database contains 209,000,000 records. All of them belong to Twitter users.
This database contains usernames, followers, creation dates and email addresses for Twitter users. It is good to know that passwords, physical addresses and phone numbers were not leaked.
Hackread.com suggests the number is actually 209 million after eliminating duplicate accounts.
It should come as no surprise that a hacker just months prior. Another incident occurred in which an actor selling scraped data from .
Because a large number of emails IDs are leaked, it can make victims vulnerable to various attacks including hacking and doxing.
Because people create their email addresses using real names, the information could expose users’ identities.
Notable is the fact that the hacker who leaked the data was on a forum for hackers that had been created as an alternative to now-seized Raidforums . They stated in their blog that they had gathered the data through web scraping, but some websites are reporting it as “Twitter data breaches” or “Twitter being hacked.”
Some believe that the data leaked is more than two years old. Ron Scott-Adams is VMware’s product marketing manager. He examined the data, and concluded that it was at least two years old. The data consists largely of public data, with some exceptions for email addresses.
Jamie Boote (Synopsys associate principal consultant) stated in contrast that data was collected via web scraping using a now-fixed Tweet bug.
“In 2021 people discovered that Twitter API could be used for revealing email addresses from other sources, and even leak other semi-public information like tying Twitter handles with this email address.” Boote said that different groups used the email dumps as seed material in order to find exploitable handles.
The issue was resolved one year ago. It seems someone took the data and combined them with other accounts to make it available online. Troy Hunt from HaveIBeenPwned also reviewed the data, and concluded that it was exactly what had been described.
The identity of the hacker who leaked data online is not known. Security experts believe that the data breach took place in 2021. The incident highlights the risks of an unsecured API. It is important that users change their passwords on Twitter and make sure they are not used on other websites.
Twitter has yet to make a comment.