The leaked information, which contains the email addresses of more than 200 million Twitter users, has been released on the popular hacking forum for around $2,000. media BleepingComputer It has verified the validity of many of the email addresses mentioned in this news.
Starting July 22, 2022, threat actors and data breach collectors will sell and publish large datasets of Twitter user profiles containing private data including phone numbers and email addresses and public data on various online hacker forums and cybercrime marketplaces.
The data was created in 2021 by exploiting a Twitter API vulnerability that allowed users to enter email addresses and phone numbers to verify if they were associated with a Twitter ID.
The threat actors then used another API to mine public Twitter data for IDs and combined this public data with private email addresses or phone numbers to create profiles of Twitter users.
Although Twitter fixed this flaw in January 2022; But recently, several threat actors have started disclosing the data sets collected over the past year for free.
The first dataset of 5.4 million users was put up for sale in July for $30,000 and finally released for free on November 27, 2022. Another data set, said to contain the information of 17 million users, was also leaked in November.
Recently, the threat actor began selling a dataset that they claimed contained 400 million Twitter profiles collected using this vulnerability.
200 million Twitter profiles released for free
A security activist published a dataset of 200 million Twitter profiles on the hacking forum Breached, worth approximately $2.
This data set is said to be similar to the 400 million sets that were released in November; But they were cleaned to not contain duplicates and their total was reduced to about 221,608,279 ox. However, BleepingComputer’s media tests also confirmed the duplicates in the latest leaked data.