200 Million Twitter Users’ Data Leaked: What You Need to Know
• 200 million Twitter users’ private information, including their email addresses, was put for sale after a breach exposed 400 million users’ private information in the last week of December 2022.
• The hacker behind the December breach had previously demanded $200,000 from Twitter in return for the stolen data, and warned that if the demand was not fulfilled, the data would be released for free.
• The released data set doesn’t contain phone numbers, but could be used to initiate social engineering or “doxing” campaigns.
Twitter, the world’s largest microblogging platform, has been the victim of a massive data breach which has exposed over 200 million users’ private information. The breach was discovered in the last week of December 2022 when hackers put 400 million users’ private information up for sale.
The hacker behind the breach had previously demanded $200,000 from Twitter in return for the stolen data, and warned that if the demand was not fulfilled, the data would be released for free. After the demand was not met, the hacker posted the data on a hacker forum.
Researchers at Privacy Affairs confirmed that the data set posted on the hacker forum was indeed from the December breach. The 200 million number, in this case, resulted from the removal of duplicates. The released data set doesn’t contain phone numbers, but could be used to initiate social engineering or “doxing” campaigns.
The data set was originally 63GB, but after removing duplicates and compressing the files, the size of the latest data set was reduced to 4GB and made available to anyone who wanted to download it. The hacker also noted that the analysis of original file dates and account creation dates “strongly suggest” that this was collected from early November 2021 through December 14, 2021.
The consequences of this breach can be potentially devastating for affected users. It is not clear if the hacker has sold the data to anyone else, or if he has been able to access any of the data himself. Regardless, it is likely that the leaked data could be used to initiate phishing or social engineering campaigns, or to target users with malicious emails.
Twitter has not yet commented on the breach, or on whether it has taken any steps to mitigate the damage or to notify affected users. It is important for users to remain vigilant and to be aware of the potential risks posed by this data leak.