The private information of 200 million Twitter users, including their email addresses, was put up for sale after a breach exposed 400M users’ private information in the last week of December 2022.
The hacker behind the December breach had earlier demanded $200,000 from Twitter in a bid to return the stolen data and warned that if the demand was not fulfilled, the data would be released for free. The latest set of data posted on the hacker forum has been traced back to the same breach from December 2022.
Researchers at Privacy Affairs confirmed that the data set leaked on the hacker forum is the same one from December. The 200 million number, in this case, resulted from the removal of duplicates. The released data set doesn’t contain phone numbers. The researchers warned that these data sets could be used to initiate social engineering or “doxing” campaigns.
The data set was originally 63GB, but after removing duplicates and compressing the files, the latest data set was reduced to 4GB and made free to download.
The hacker also noted that the analysis of original file dates and account creation dates “strongly suggest” that the data was collected from early November 2021 through December 14, 2021.
Many users on Twitter demanded that the social media platform look into its security, as these hacks put activists and whistleblowers in danger.
I went to change my email address and Twitter isn’t working. This hack puts activists and whistleblowers in danger. https://t.co/5SrSejgvO6
— Ian Linkletter (@Linkletter) January 5, 2023
Well-known names and entities affected by the breach include Sundar Pichai, Donald Trump Jr., SpaceX, CBS Media, the NBA, and the WHO. The vulnerability behind the data breach has now been patched, but tracing the hack back, it seems the same vulnerability was used for another exploit in July 2022.