Twitter account information on 200 million users, including Google CEO Sundar Pichai and Donald Trump Jr., is now available for free on a hacker forum, according to security researchers.
Researchers from Privacy Affairs, a group of experts from several countries, say the data comes from the same set of information on 400 million Twitter users, which was offered for sale on the dark web in December for US$200,000.
This is not a new data leak, the researchers say, but the cache offered for sale last month with the duplicate data removed.
The data includes account name, handle, creation date, follower count, and email address. It also includes accounts maintained by several organizations such as SpaceX, CBS Media and the National Basketball Association.
It does not include passwords. Nevertheless, the researchers caution that “the availability of email addresses associated with the listed accounts could be used through social engineering attacks to determine the real-life identity or location of affected account holders. Email addresses may also be used for spam or scam marketing campaigns and to send personal threats to individual users.”
The hackers claim that they obtained this data by scraping information collected by Twitter from its users. However, the researchers admit that they are not sure how the data were obtained. The most likely method used could be the abuse of an Application Programming Interface (API) vulnerability.
Scraping Twitter data is not new. All one has to do is run a Google search for “twitter scraping” to find tips and tools for doing this.
“Twitter’s simple, structured format and its various posting functions make it relatively easy to navigate and scour,” James Phoenix wrote last February for a site called Just Understanding the Data. The Twitter API allows users to read and write Twitter data, he said, adding, “Using the Twitter API instead of scraping Twitter data ensures compliance with Twitter’s Terms of Service, but it is not as efficient or flexible as using scraping services.”
According to the Bleeping Computer news service, this new cache of data isn’t free, but it costs only US$2.00.
Privacy Affairs says that on the hacker forum where this data is being marketed, users need to buy ‘credits’ to download the leaks posted by forum users. The forum poster is giving the data away for free; however, the forum charges credits (~$2) to initiate the download.
Bleeping Computer also notes that, since July 22, hackers have been selling and disseminating large data sets of scraped Twitter user profiles, which include both private (phone numbers and email addresses) and public data. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were linked to a Twitter ID. The threat actors then used another API to scrape public Twitter data for IDs and combined this public data with private email addresses/phone numbers to build profiles of Twitter users.
Although Twitter fixed this flaw in January 2022, the news report states, threat actors have recently started leaking data sets collected over a year ago for free.
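The lookup flaw described above let a client test whether an email address or phone number was linked to an account, so abuse appears in API logs as one client submitting many distinct identifiers in a short time. The following is an added example, not code from Twitter or from the original article: a sliding-window detector run over constructed log lines, where the endpoint path, log format and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOOKUP_PATH = "/api/contacts/lookup"  # hypothetical endpoint name (assumption)

def parse(line):
    """Parse 'ISO-timestamp client_id path identifier_hash'; None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, path, ident = parts
    try:
        return datetime.fromisoformat(ts), client, path, ident
    except ValueError:
        return None

def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=20):
    """Return {client: peak distinct identifiers seen in any window} for
    clients whose peak exceeds max_distinct on the lookup endpoint."""
    recent = defaultdict(deque)                     # client -> (ts, ident) in window
    counts = defaultdict(lambda: defaultdict(int))  # client -> ident -> hits in window
    peak = defaultdict(int)
    records = sorted(r for r in map(parse, lines) if r and r[2] == LOOKUP_PATH)
    for ts, client, _, ident in records:
        q, c = recent[client], counts[client]
        q.append((ts, ident))
        c[ident] += 1
        while ts - q[0][0] > window:                # expire entries older than window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[client] = max(peak[client], len(c))
    return {cl: p for cl, p in peak.items() if p > max_distinct}

def sample_log():
    """Constructed log: 'app-7' probes 60 distinct identifiers in one minute,
    while 'app-2' rechecks the same 3 contacts (normal contact sync)."""
    base = datetime(2022, 1, 1, 12, 0, 0)
    lines = ["garbage line"]                        # malformed input is skipped
    for i in range(60):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} app-7 {LOOKUP_PATH} h{i:04d}")
        lines.append(f"{t} app-2 {LOOKUP_PATH} c{i % 3}")
    return lines

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

Counting distinct identifiers rather than raw requests keeps a busy but legitimate client, which rechecks the same few contacts, below the threshold.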