Anyone can now download the data of more than 200 million Twitter users for free.

According to Privacy Affairs' security researchers, who confirmed the database currently posted on a hacker forum, this most recent data dump contains account names, handles, creation dates, follower counts, and email addresses. It turns out to be the same leak, albeit cleaned up, that was reported last month as affecting more than 400 million Twitter accounts.

According to Privacy Affairs CEO and founder Miklos Zoltan, the removal of duplicate accounts is what caused the number of accounts to be cut in half. But this time, he added, “the data is available for download by anyone for free, as opposed to being marketed for sale at $200,000, as it was in December.”

According to Zoltan’s blog article detailing the breach, some of the well-known individuals and companies in the new 63GB database leak include Donald Trump Jr., Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media, and the World Health Organization.

There is no information on whether the Christmas Day Twitter account hack of British Education Secretary Gillian Keegan is connected. Miscreants hijacked Keegan’s account in that instance, altered her profile photo to one of Elon Musk, and sent out a string of tweets endorsing cryptocurrency.

The exposed account owners are still at risk even if the disclosed data does not contain users’ phone numbers, physical addresses, or passwords, according to Zoltan.

“Privacy Affairs cybersecurity experts reviewed the published data and believe this latest leak could lead to social engineering attacks and doxxing.”

The real names and locations of individuals can be ascertained by combining the leaked email addresses connected to Twitter accounts with other publicly accessible data. Additionally, nation-state goons and criminals continue to use phishing emails as a successful entry point for social engineering attacks.

Of course, spammers or con artists can also utilise the listed email addresses; all they need to do is persuade one victim to click on a harmful link.

Researchers cautioned that although this week's data leak contains fewer accounts, it may be more dangerous because the thieves are giving away the entire data set for free.

“It is not certain at this moment how exactly this data was obtained,” Zoltan noted. “The most likely method used could have been the abuse of an application programming interface (API) vulnerability.”

The data was allegedly obtained in 2021 through a security flaw that Twitter claimed to have closed last year.