A hacker uploaded a massive database of 200 million Twitter accounts to a forum. Many phishing and scam messages are expected to hit the social network following this leak.
The big sellout of Twitter user data continues. On January 4, a member of a famous forum frequented by hackers put the email addresses of 200 million accounts up for sale for just two dollars, the base price to unlock files on this platform.
A sample of 100,000 identifiers is available for free to verify that the database is indeed legitimate. We are able to confirm that several email addresses are valid.
[Image: the announcement of the sale on a famous forum frequented by hackers.]
The hacker uploaded a RAR archive consisting of six text files totaling 59 GB of data. Each line represents a Twitter user and their information: email address, name, username, number of followers, and account creation date. The database is already available on other forums.
Although passwords are not included, this will not stop malicious actors from sending millions of phishing or scam messages to trick users. Famous Twitter accounts were hacked last week, such as those of English presenter Piers Morgan (8.3 million followers) and Scottish actor Graham McTavish (272,000 followers). We therefore recommend that you be careful, especially about the messages you receive from social networks.
A major security breach
Twitter user data has been on sale since this summer on many forums. In December 2021, the hacker managed to take advantage of a flaw to extract data using a bot that crawls the website, a method known as scraping. A researcher had alerted Twitter in January: “A vulnerability allows any party to retrieve a Twitter ID by submitting a phone number/email even if the user in question has blocked this search in the privacy settings”, explained the expert, who goes by the pseudonym Zhirinovskiy. The social network fixed the flaw, but it was already too late.
At the end of December, a hacker claimed to have the information of 400 million accounts. This database is probably the same as the one that went on sale this January 4th. In Ireland, where Twitter has its European headquarters, the Data Protection Commission (DPC) announced on December 23 that it had launched an investigation into the company over this failure to protect user data.