Data of 200mn Twitter users on sale for just $2
Last month, a hacker attempted to sell a data set containing the email addresses and phone numbers of over 400 million Twitter users to CEO Elon Musk. Now, a shortened version of the same dataset has appeared on Breached Forums, a hacker forum, for eight forum credits, which is approximately worth $2. The data is part of a 2021 cyberattack on Twitter.
Why does this story matter?
- Twitter has a new but familiar problem at hand. The data set leak in 2021 has no intention of leaving the microblogging platform alone.
- This time, the data set is available online for practically nothing. It is possible that the hackers may have been triggered by Musk's casual attitude toward their threat in December.
- This has the potential to spell trouble for Twitter users.
New set has fewer lines due to removal of duplicates
The data set containing the public and private information of millions of Twitter users was posted by a hacker with the screen name 'StayMad.' The same data was on offer for $200,000 last month on the same forum. Last month's data dump was cleaned up to remove duplicates, resulting in 221,608,279 lines. However, there are still duplicates in the data set.
What does the data dump contain?
The dataset was released as a RAR archive containing six text files. They have a combined size of 63GB. Each line in a text file represents a Twitter user and their data. Leaked data includes email addresses, names, screen names, number of followers, and account creation dates. The dataset, however, doesn't show whether an account is verified or not.
The data set is connected to a 2021 API vulnerability
The now leaked data set traces its origin back to a Twitter API vulnerability that was exploited by threat actors in 2021. It allowed them to input email addresses and phone numbers to find a matching Twitter ID. Then, another API was used to scrape public data for the ID. The public data was then combined with the private data to create profiles.
Leaked data sets have been up for sale multiple times
Twitter fixed the API flow at the beginning of 2022. However, many have been leaking the data sets they collected since July 2022. The first set of 5.4 million users was up for grabs for $30,000 in July. Another data set appeared in November. The most recent one was the data set containing 400 million Twitter profiles.