Twitter data dump: 200 million or more accounts available for free download
According to Privacy Affairs’ security researchers, who confirmed the database that has now been posted on a breach forum, this most recent data dump, which contains user names, handles, creation dates, follower counts, and email addresses, is the same albeit cleaned up release reported last month that affected more than 400 million Twitter accounts.
According to Privacy Affairs CEO and founder Miklos Zoltan, the removal of duplicate accounts is what caused the number of accounts to be cut in half. But this time, he added, “the data is available for download by anyone for free, as opposed to being marketed for sale at $200,000, as it was in December.”
According to Zoltan’s blog article detailing the breach, some of the well-known individuals and companies in the new 63 GB information theft include Donald Trump Jr., Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media, and the World Health Organization.
There is no information on whether the Christmas Day Twitter account hack of British Education Secretary Gillian Keegan is connected. Miscreants hijacked Keegan’s account in that instance, altered her profile photo to one of Elon Musk, and sent out a string of tweets endorsing crypto currency.
According to Zoltan, the exposed account owners are still at risk even if the disclosed data does not contain users’ contact information, physical addresses, or passwords.
After reviewing the disclosed data, Privacy Affairs cybersecurity specialists concluded that this most recent leak could result in social engineering attempts and doxxing.
The genuine names and locations of individuals can be ascertained by combining the hacked email addresses connected to Twitter accounts with other publicly accessible data. Additionally, nation-state thugs and criminals wishing to launch social engineering attacks continue to use phishing emails as a successful entry point.
Of course, spammers or con artists can also utilize the listed email addresses; all they must do is persuade one target to click on a harmful link.
Researchers say that while this week’s data leak has fewer accounts, it may be more dangerous because the thieves are giving away the entire information for free.
At this time, the particular method of data acquisition is unknown, Zoltan said. “The most likely approach exploited was the misuse of an application programming interface (API) vulnerability.”
As was previously reported, a security hole that Twitter claimed to have patched last year allowed the records to be scraped in 2021.
RS News or Research Snipers focuses on technology news with a special focus on mobile technology, tech companies, and the latest trends in the technology industry. RS news has vast experience in covering the latest stories in technology.