Twitter suffers data leak as hackers expose information of 235 million users

A Twitter database containing the information of about 235 million users has recently been leaked on an online hacker forum.

According to Cybernews, the leak contains about 63GB of data, which includes users' names, email addresses, Twitter handles, follower count, and account creation dates. The database is even publicly available, allowing anyone to download it.

Alon Gal, the co-founder of the Israeli security company Hudson Rock, believes that hackers will exploit the freshly leaked Twitter database to target crypto accounts, hack into high-profile and political accounts, infiltrate accounts with good usernames, and dox accounts that didn't use a dedicated email for Twitter. "It goes without saying that agencies around the world will use this database as well to further harm our privacy," he said.

According to The Washington Post, the records were likely compiled in late 2021 using a Twitter vulnerability that allowed outsiders who got a hold of an email address or phone number to find any account matching that information on Twitter. These lookups could be automated to check an unlimited number of phone numbers and email addresses.

Twitter said in August last year that it learned of the flaw in January 2022 through its reward program for bug reports and the vulnerability had been mistakenly introduced in a code update many months prior. The flaw was taken advantage of later on by hackers who were spotted selling Twitter account handles and associated emails and phone numbers.

The new leak also appears to be related to a cybercrime group that obtained the data of about 400 million Twitter users in early December and demanded $200,000 to delete the files. Ireland’s Data Protection Commission announced that it was investigating the earlier breach, adding that the General Data Protection Regulation might have been violated.

Twitter has not yet commented on the matter.

Source: Cybernews, The Washington Post