This week, data from more than 200 million Twitter users was leaked on a hacker forum for the value of $ 2. The database is composed of information captured in 2021, when a flaw in the social network was discovered. Even fixed, the effects of the problem continue.
This leak, at first glance, does not seem to be related to the case 400 million bills announced in December. At the end of 2022, a hacker published on the same forum a request for a “ransom” of US$ 200,000 for Elon Musk or he would disclose them for US$ 60,000. However, there is a possibility that this new leak used the database presented in December.
Fixed crash still causing issues
It’s not just print that is eternal on the internet. Practically everything is “infinite” on the network. The flaw in a Twitter API, even though it was fixed in January 2022, gave enough time for hackers to seek as many accounts as possible on the social network.
Alon Gal, a specialist in digital security, says that this new database is a compilation of emails leaked on other occasions. The probability of new emails appearing in this leak is small, but on the site Have I Been Pwned you can check if your email is on the list — and if it has appeared in other leaks. Accounts created after January 2022 are not listed.
New leak is more “improved”
Alon Gal and the website Bleeping Computer claim that, even though it is presented as a list without duplicate data, in which those responsible “mined” repeated emails, there are still cases of accounts appearing more than once on the list.
However, these two sources differ on the number of unique accounts. For Alon Gal, there are 235 million accounts. already the Bleeping Computer reports that there are just over 221 million unique emails.
Regardless of the actual number of accounts, the leak is very expressive. As much as passwords are not disclosed, the sale of these emails is a huge supply for malicious agents, who can use this information to try to apply blows.
This list, which contains 59 GB of files, according to the Bleeping Computer, has data from verified accounts. However, unlike previous leaks, there isn’t an indication in the file marking which accounts have the verified badge — but that’s ok, anyone can buy that now.