Another huge Twitter user database has been leaked online

Another huge Twitter user database has been leaked online

Somebody posted a database containing greater than 200 million electronic mail addresses used for Twitter accounts on the darkish internet and is promoting it for only a handful of {dollars} – simply $2.

Based on BleepingComputer, which managed to verify the authenticity of no less than a number of the electronic mail addresses posted within the advert, this isn’t a brand new leak, however relatively a recycling of the info that was beforehand leaked through a flawed API name.

Again in 2021, a Twitter API vulnerability was found that allowed risk actors to enter both electronic mail addresses, or telephone numbers, into Twitter, to see whether or not or not they have been related to an energetic Twitter account. Some may recall, when attempting to log into Twitter with a sound electronic mail handle or telephone quantity, even when the password was incorrect, the platform would nonetheless show the ID and the profile title of the account related to these credentials.

Cleansing up previous leaks

Hackers then used a separate API to scrape the general public Twitter information for the IDs and cross-referenced it with electronic mail information to generate a listing of Twitter accounts. 

A 12 months later, in 2022, risk actors began promoting databases generated this fashion. The preliminary database, containing greater than 5 million entries, went up on the market in mid-2022 for $30,000. The database was subsequently introduced all the way down to 400 million entries (in all probability after eliminating duplicates, pretend accounts, and so on.), and now, it’s down to exactly 221,608,279 traces.

Nonetheless, the publication discovered that this database additionally has duplicates and isn’t completely clear.

In complete, the risk actor printed a set of six textual content information, mixed in a .RAR archive, weighing some 59GB.

Every line within the file carries some id (opens in new tab)-related data: a Twitter consumer and their electronic mail handle, title, Twitter deal with, variety of followers, and creation date. Earlier leaks additionally confirmed if the account was verified or not, whereas this database doesn’t.

  • Take a look at the perfect firewalls (opens in new tab) round

Through: BleepingComputer (opens in new tab)