Records of 235 million Twitter accounts have been posted on online hacking forums, exposing users' identities by allowing anonymous handles to be linked to email addresses and associated real names.
According to security experts at Hudson Rock, the database went viral earlier in the week and is now being leaked, said CTO Alon Gal, who verified the data.
“The database contains 235 million unique records of Twitter users and their email addresses, which unfortunately will lead to many hacks, targeted phishing and doxxing,” the cybersecurity expert wrote on LinkedIn. “This is one of the most significant leaks I have seen.”
The leaked data also reportedly included names, usernames, email addresses, follower counts, and creation dates.
According to VMware’s product line marketing manager, Ron Scott Adams, however, the data is at least two years old and consists primarily of publicly available information (excluding email addresses).
Jamie Boote, associate principal consultant at Synopsys, told Information Security that this data could be the result of a web scraping job exploiting an old (now fixed) Twitter bug.
“In 2021, people found they could use the Twitter API to disclose email addresses provided by other sources, or to divulge other semi-public information, such as associating a Twitter handle with that email address,” said Boote.
“Several groups then started farming for handles using the leaked email dump as seed material [used to] collect information such as follower count, profile creation date, and other information available on a Twitter profile.”
The executive added that the issue was fixed last year, so the leak looks like someone “gathered these in bulk and combined them with a few more new accounts and tried to get [Elon] Musk to pay them.”
Boote said it’s a classic example of an insecure API, one designed by a developer to “just work” that remained insecure.
“Humans are bad at protecting what they can’t see. As always, bad actors will steal your email address,” added Boote.
“For safety, users should change their Twitter passwords and make sure they are not reused on other sites. Going forward, I recommend that you remove emails that appear to come from Twitter to avoid phishing scams.”
The leak comes weeks after another breach affected over 5 million Twitter users in November 2022.