Twitter Data Breach is Another Reason to Hate it There

Twitter being in the news lately is generally due to some new nonsense by Elon Musk. This time though it's for bungling their data security. It came out now that 200 million email addresses and other records for Twitter users have been exposed in the endless line of data breaches. Lawrence Abrams at Bleeping Computer has more of the story.

Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and cybercrime marketplaces.

These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID.

The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.

Bleeping Computer

While Twitter fixed this in January of 2022, it doesn't stop the fact that all this data is out there. Weirdly, I recall no announcement or press release from Twitter about this data leak.

Abrams' reporting goes further with word that the 59GB file is selling on forums for a whopping $2 or even given away for free. While it's good that passwords weren't stolen, it is yet another piece of our information that we trusted with a company that has been given away.