Someone has published a database of over 200 million email addresses used for Twitter accounts on the dark web and is selling it for just a handful of dollars – just $2.
to me PCwhich was able to confirm that at least some of the email addresses posted in the announcement are correct, this is not a new leak, but rather a recycling of previously leaked data via a faulty API call.
Back in 2021, a vulnerability was discovered in the Twitter API that allowed threat actors to enter email addresses or phone numbers into Twitter to see if they were associated with an active Twitter account. Some may remember, when trying to log into Twitter with a valid email address or phone number, even if the password is incorrect, the platform will still display the ID and profile name of the account associated with those credentials.
Clean up old leaks
The hackers then used a separate API to scrape public Twitter data for IDs and compare it to email data to build a list of Twitter accounts.
A year later, in 2022, threat actors began selling databases created in this way. The initial database, containing more than five million entries, went on sale in mid-2022 for $30,000. The database was later reduced to 400 million entries (possibly after removing duplicates, fake accounts, etc.), and now, it’s down to exactly 221,608,279 lines.
However, the publication found that this database also contains duplicates and is not entirely clean.
In total, the threat actor deployed a set of six text files, combined into a .RAR archive, weighing about 59 GB.
Each line in the file carries some identity (Opens in a new tab)Related information: Twitter user, email address, name, Twitter ID, number of followers, and creation date. Previous leaks also showed if an account was verified or not, while this database does not.
Via: BleepingComputer (Opens in a new tab)