Recent reports indicate that a dataset containing the email addresses of approximately 200 million Twitter users was posted to a popular hacking forum for free.
It appears the dataset was created in 2021, after a threat actor exploited a Twitter API vulnerability which allowed users to input emails and phone numbers to confirm whether they were associated with a Twitter ID.
The same threat actors proceeded to use another API to pull the public Twitter data for the ID, and then combined the public data with the private emails and phone numbers to create profiles of the Twitter users, according to Bleeping Computer.
Twitter did fix this API vulnerability in January 2022, but the damage was already done. The threat actors behind the breach only recently began releasing the data.
Alon Gal, Co-Founder and CTO of Hudson Rock, was one of the first to discover the breach and shared this message on LinkedIn and Twitter:
Gal is unfortunately correct in that this breach will likely lead to a lot of spam messages for Twitter users in the dataset.
Have I Been Pwned, a popular data breach notification service, has added this breach to its system. If you are concerned that your information is involved in this breach, go ahead and visit the website and search for your email address.
If you do find out that your email has been compromised, there are several steps you can take to secure your account. You can change your password to a strong, unique one that has not been used on any other accounts and enable multi-factor authentication (MFA).
As Gal mentioned, it will be important to stay vigilant about any suspicious emails or messages you receive. Do not click on links or download attachments from unknown sources, as these could potentially be malicious. Instead, report any suspicious activity to Twitter and consider reaching out to a trusted technology professional for additional assistance.
This breach is a reminder of the importance of protecting personal information online. By taking steps to secure your account and being cautious about suspicious activity, you can help defend yourself from potential cyber threats.
Follow SecureWorld News for more stories related to cybersecurity.
