The usernames and email addresses for more than 200 million Twitter users have been posted on the dark web by hackers.
Hackers have recently posted the usernames and email addresses of these users on the dark web, compiled from previous breaches dating back to 2021. While the database doesn’t include passwords, it’s still considered a major security threat for those affected. Alon Gal, co-founder of Israeli cybersecurity firm Hudson Rock, warns that this leak will likely lead to a surge in hacking, targeted phishing, and doxxing.
Because there may be duplicate records in such massive data dumps, it is difficult to estimate how many users were affected by the attack. However, the database also contains text files that show email addresses, associated Twitter usernames, people’ true names (if they published them on the site), follower totals, and the dates on which their accounts were first created. Also noteworthy is the fact that this data was being offered for sale on a hacker forum for as little as $2.
The origin of the database can be tracked back to 2021, when hackers identified a weakness in Twitter’s security measures. By mass-entering email addresses and phone numbers to check whether they were associated with Twitter accounts, this vulnerability allowed hostile actors to automate account lookups. After it was reported as a bug bounty, Twitter acknowledged the vulnerability in August 2022 and said it had been addressed in January of the following year. However, security professionals had already discovered Twitter credential databases being sold in July of that year. This weakness, which remained unnoticed by Twitter for about seven months, appears to have been the source of the most recent database, which had more than 200 million accounts.
This incident is merely the most recent in a string of security problems that have dogged Twitter. The EU and the FTC are currently looking into the corporation for similar security breaches as a result of its longstanding struggles to safeguard the data of its customers. Peiter “Mudge” Zatko, Twitter’s former chief of security, even complained to the US government last August, saying the firm was hiding “egregious failures” in its cybersecurity protections.
All social media users should be aware of the dangers and take precautions to safeguard their personal information online. Take the following steps today:
- If you use Twitter, check to see if your email address was compromised by going to https://haveibeenpwned.com and search on your email address.
- Also check any passwords you use as well – https://haveibeenpwned.com/Passwords
- Do not use the same passwords for multiple accounts. Incidents like this highlight the fact that if one website is breached, and your password is stolen, they will attempt to use the same login and password on other websites you use. Don’t forget to follow our Tips on Managing Passwords Securely.
- Since the hackers now have email addresses they know people use, there will be a significant increase in the number of phishing emails received by these users. Here’s How to Quickly Spot a Phishing Email and if it has an attachment, never click “enable macros” or “enable content.”
- Finally, be cautious about accepting friend or connection requests from people you don’t know, as these could potentially be hackers trying to trick you into falling for one of their scams, or by looking at your social media posts to gather more information about you.