A Twitter database containing information on about 235 million users was recently leaked on an online hacker forum.
According to Cybernews, The leak contains about 63GB of data, which includes usernames, email addresses, Twitter activity, follower count and account creation dates. The database is even publicly available, allowing anyone to download it.
Alon Gal, the co-founder of the Israeli security company Hudson Rock, Believe that hackers will take advantage of the recently leaked Twitter database Target crypto accounts, hack high profile and political accounts, hack accounts with good usernames and dox accounts that didn’t use a dedicated Twitter email. “It goes without saying that agencies around the world will also use this database to further compromise our privacy,” he said.
Twitter database leaked for free with 235,000,000 records.
The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing and doxxing.
This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ
— Hudson Rock (@RockHudsonRock) January 4, 2023
According to the Washington Post, The records were apparently edited in late 2021 through a Twitter vulnerability which allowed strangers given an email address or phone number to find any account matching that information on Twitter. These searches can be automated to check an unlimited number of phone numbers and email addresses.
This is what Twitter said in August last year It was made aware of the flaw in January 2022 through its bug reporting reward program and the vulnerability was mistakenly introduced in a code update many months before. The flaw was later exploited by hackers Seen selling Twitter accounts and related emails and phone numbers.
The new leak also appears to be linked to a cybercrime group Obtained the data of approximately 400 million Twitter users in early December and demanded $200,000 to delete the files. Ireland’s Data Protection Commission said it was investigating the earlier breach, adding that the General Data Protection Regulation may have been breached.
Twitter has yet to comment on the matter.
source: cybernews, The Washington Post