A data leak purportedly containing the email addresses of more than 200 million Twitter users was sold on hacker forums for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak.
Since July 22, 2022, threat actors and data leakage collectors have been selling and disseminating a large number of Twitter user profile datasets on various online hacker forums and cyber crime markets, including private data (phone numbers and email addresses) and public data.
These datasets were created in 2021 by exploiting a Twitter API vulnerability that allows users to enter email addresses and phone numbers to confirm whether they are associated with Twitter ID.
Today, a threatening actor released a dataset containing 200 million Twitter profiles on the Breached Hacker Forum, which requires 8 forum currency points worth about $2.
It is said that the data set is the same as the 400 million groups circulated in November, but it does not contain duplicate items after cleaning, and the total number is reduced to about 221608279 lines. However, the testing of Bleeping Computer also confirmed the duplicates in the latest leaked data.
The data is published in the form of RAR archive, including six text files, with a total data volume of 59 GB.
Each line in the file represents a Twitter user and its data, including email address, name, nickname, follow count, and account creation date.
