Twitter is facing a new massive leak of personal data, with one big problem: the stolen information is being offered almost for free on the web. As reported by the Washington Post, the email addresses of some 235 million Twitter accounts are now accessible with a few clicks, for around two euros, on a famous hacker forum.
Several US media outlets, including the specialized site Bleeping Computer, were able to verify the authenticity of a sample of the illegally collected emails. For the affected Internet users (around half of the users in the world), this email leak could mean online scam attempts but above all, for accounts operating under a pseudonym, the disclosure of the identity of the real owners.
Security hole
As Bleeping Computer specifies, the database was created in 2021 by exploiting a flaw in Twitter’s code. By submitting lists of email addresses or phone numbers to one of Twitter’s dedicated developer tools, it was possible to see the associated Twitter accounts appear, if such accounts existed.
The hackers then mass-submitted hundreds of millions of email addresses collected during previous attacks to collect the corresponding accounts and create this database. The flaw was fixed in early 2022 by the company.
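On the server side, the bulk submission described above shows up as a single client looking up many distinct identifiers in a short time. The sketch below is an added example, not code from Twitter or from the reporting; the log format, client names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_sample():
    """Constructed log of a hypothetical lookup endpoint, one line per lookup:
    '<ISO time> <client> <identifier token> <match|nomatch>'.
    Identifier tokens stand in for hashed emails/phone numbers (assumption)."""
    base = datetime(2021, 6, 1, 10, 0, 0)
    lines = []
    for n in range(40):   # bulk client: 40 distinct identifiers in 40 seconds
        ts = (base + timedelta(seconds=n)).isoformat()
        lines.append(f"{ts} client-bulk h{n:04d} {'match' if n % 3 == 0 else 'nomatch'}")
    for n in range(3):    # ordinary client: 3 lookups over 3 minutes
        ts = (base + timedelta(minutes=n)).isoformat()
        lines.append(f"{ts} client-normal u{n:04d} match")
    return sorted(lines)  # ISO timestamps sort chronologically

def parse(line):
    ts, client, ident, result = line.split()
    return datetime.fromisoformat(ts), client, ident, result == "match"

def find_enumerators(lines, window=timedelta(minutes=1), max_distinct=20):
    """Return {client: peak distinct identifiers seen inside any window}
    for clients that exceed max_distinct. Lines must be in time order."""
    recent = defaultdict(deque)   # client -> (timestamp, identifier) in window
    flagged = {}
    for line in lines:
        ts, client, ident, _ = parse(line)
        q = recent[client]
        q.append((ts, ident))
        while ts - q[0][0] > window:   # drop lookups older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

if __name__ == "__main__":
    for client, peak in find_enumerators(constructed_sample()).items():
        print(f"{client}: {peak} distinct identifiers within one minute")
```

Counting distinct identifiers rather than raw requests keeps a client that retries the same lookup from being flagged.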
While data from this hack has leaked regularly in recent months, this is the first time it has been accessible on such a massive scale and at such a low price.
This scenario is reminiscent of Facebook, where a security breach had allowed hackers to massively collect and distribute some 530 million phone numbers, including 20 million belonging to French users. Like Facebook, Twitter has so far not notified any victims. However, notifying them is an obligation under the GDPR, the European regulation on personal data.
Source: BFM TV
