Twitter has suffered a massive data breach impacting more than 200 million users. The leaked data set reportedly contains personally identifiable information such as email addresses, names, screen names, follow counts, location, profile picture URLs, and account creation dates of Twitter users. All this information is available on a hacker forum for as little as $2.
Someone is selling data of over 200 million Twitter users for just a couple of dollars
According to a BleepingComputer report, this data may have been scraped from Twitter systems back in 2021 by exploiting an API vulnerability. The flaw allowed anyone to input email addresses and phone numbers to obtain linked Twitter accounts. Once a link was established, bad actors combined public and private data to create profiles of Twitter users.
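As an added illustration (not code from Twitter or from the report cited here), the sketch below models a lookup endpoint of the kind described above beside a hardened form, along with an audit check a defender can run against their own API. All names, sample data, status codes and limits are hypothetical.

```python
import time
from collections import defaultdict

# Constructed sample directory (hypothetical data): identifier -> account handle.
ACCOUNTS = {"alice@example.com": "@alice_demo", "+15550100": "@bob_demo"}

def lookup_vulnerable(identifier):
    """Models the flaw: the response reveals which account an identifier maps to."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": 404, "error": "no matching account"}
    return {"status": 200, "account": handle}

class HardenedLookup:
    """Same body for hit and miss, plus a per-client request budget."""

    def __init__(self, max_per_window=5, window_s=60.0, clock=time.monotonic):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.clock = clock
        self.hits = defaultdict(list)  # client_id -> timestamps of recent requests

    def lookup(self, client_id, identifier):
        now = self.clock()
        recent = [t for t in self.hits[client_id] if now - t < self.window_s]
        self.hits[client_id] = recent
        if len(recent) >= self.max_per_window:
            return {"status": 429, "error": "rate limit exceeded"}
        recent.append(now)
        # Any match handling (e.g. notifying the account owner) happens out of
        # band; the caller sees an identical response either way.
        _ = ACCOUNTS.get(identifier)
        return {"status": 202, "message": "If an account matches, its owner is notified."}

def leaked_identifiers(lookup, candidates, baseline="nobody@invalid.example"):
    """Audit check: candidates whose response differs from a known-absent baseline."""
    reference = lookup(baseline)
    return [c for c in candidates if lookup(c) != reference]

if __name__ == "__main__":
    probes = ["alice@example.com", "ghost@example.com", "+15550100"]
    print("vulnerable leaks:", leaked_identifiers(lookup_vulnerable, probes))
    hardened = HardenedLookup()
    print("hardened leaks:", leaked_identifiers(lambda i: hardened.lookup("client-1", i), probes))
```

The audit check compares response bodies only; response timing would need a separate measurement.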
The social media giant patched this vulnerability in January last year. However, the damage was already done. Bad actors had already scraped the data of millions of its users by exploiting this vulnerability. In July last year, the hackers put a data set of 5.4 million Twitter users up for sale for $30,000. They released this information for free in November. Around the same time, a second data set containing information about 17 million users started circulating privately among threat actors.
The following month, information about 400 million Twitter users was on sale on the dark web. Since the social network doesn’t have that many users, that data set likely contained many duplicates. The newly available data set is reportedly a cleaned-up version of it. BleepingComputer says information about 221.6 million Twitter users is available for as little as $2. The publication confirmed the validity of the information such as email addresses, though the data set still contains some duplicates.
What can you do?
This leak seemingly contains information about half of all Twitter users. If you have an account on the social media platform, there’s a good chance that hackers have your data too. And, since the information is available to anyone for just a couple of dollars, many bad actors may have already acquired it. As such, this leak poses a great risk to compromised users. Hackers can try to reset passwords and take control of your account. They can also target users for phishing scams.
To stay safe from potential account takeovers, always use 2FA (two-factor authentication). Most online platforms offer this feature. It blocks access to your account even if the hacker has your password. Also, avoid sharing unnecessary personal information on public platforms. Last but not least, make sure to periodically change your passwords and avoid keeping the same password across multiple accounts. A password manager can help with this.