Personal information, including email addresses, of more than 200 million Twitter accounts is sold on hacker forums for only $2

It has emerged that personal information, including email addresses, of more than 200 million Twitter accounts was leaked and sold for only $2 (about 260 yen) on hacker forums. The data is believed to have been stolen as of 2021 by exploiting a vulnerability in Twitter's API.

200 million Twitter users' email addresses allegedly leaked online

Twitter leak of email addresses totals at least 200 million - The Washington Post

Twitter data of over 200 million users is on sale for just $2

In January 2022, a vulnerability in Twitter's API that made it possible to obtain the linked Twitter ID (an identification number automatically assigned when an account is created) by entering an email address or phone number was discovered through a bug bounty program and fixed. This vulnerability is believed to have been caused by a code update made by Twitter in June 2021.

However, some hackers are said to have exploited the vulnerability to steal data before it was fixed, creating a dataset that links Twitter IDs, email addresses, phone numbers, and public information obtained from the IDs. In August 2022, it was reported that hackers were selling account information for 5.4 million people for $30,000 (about 3.9 million yen).

Account information for 5.4 million people leaked from Twitter and hackers sold for 4 million yen - GIGAZINE

In November, user data of 5.4 million people was found to be publicly available on hacker forums. Furthermore, at the end of December, there was an incident in which hackers, addressing Twitter CEO Elon Musk by name, demanded $200,000 (about 26 million yen) in exchange for deleting account information that they said totaled 400 million accounts.

Hacker "Ryushi" demands $200,000 in exchange for deleting personal information of more than 400 million Twitter accounts, self-defense method is this - GIGAZINE

And in January 2023, it was reported that the data of more than 200 million Twitter accounts in total was being sold for just $2 on hacker forums. This data is believed to be a deduplicated version of the 400 million data set sold on the dark web in December, but according to technology media BleepingComputer, duplicates were reportedly found in this data set as well.

The data is sold as 6 RAR archives consisting of text files totaling 59GB, with about 221.6 million lines. Below is a sample of leaked data published by BleepingComputer, where each line of the file consists of an email address, name, user name, number of followers, account creation date, etc.

"This database will be used by hackers, political hacktivists and, of course, governments to further invade our privacy," said Alon Gal, co-founder of Israeli security firm Hudson Rock. He pointed out that Twitter users who criticize governments and those in power could be at risk.

BleepingComputer and the Washington Post, a major American daily newspaper, asked Twitter for comments on this matter, but Twitter did not respond to any inquiries.

Have I Been Pwned? (HIBP), a web service that allows you to check whether your personal information has been leaked, has already added the data of the leaked Twitter accounts to its list. HIBP operator Troy Hunt said the leaked data contained 211,524,284 unique email addresses.

in Web Service, Security, Posted by log1h_ik