Technology

Twitter hacked and data of 200 million users leaked on dark web, says researcher

DailyBiteJanuary 6, 2023 | 13:33 IST

Do you use Twitter? If yes, chances are your email address, name, user history and likely your phone number is on the dark web. Twitter has reportedly faced a breach, with over 200 million emails leaked and on sale on the dark web. 

The data has reportedly been found on an online hacking forum. 

This seems to be the same breach that was talked about in a report on December 24, which claimed over 400 million user data was breached. The numbers have been updated to 200 million. 

An Israeli security researching firm called Hudson Rock was notified of the breach, first on December 24. And in an update on January 3, saying that there are more than one threat actor selling the data. 

What we know so far: The database reportedly contains the data of some 235 million users. 

  • Earlier, it was reported that email IDs and their corresponding phone numbers were both leaked, but the update says that phone numbers were likely not leaked. 
  • However, Hudson Rock said that the vulnerability that allowed the Twitter leak also enabled some users to be discovered by their phone numbers.
  • So, there is a likelihood that a separate database with email IDs and phone numbers exists.

What does it mean? According to Hudson Rock's CTO Alon Gal, the leak could potentially lead to "hacking, targetted phishing and doxxing". 

The database contains 235,000,000 unique records of Twitter users and their email addresses and will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing.
- Alon Gal, CTO, Hudson Rock
  • Target crypto Twitter accounts (.eth in name or other methods)
  • Hack into high profile accounts (follower count or otherwise)
  • Hack into "OG" accounts with good usernames
  • Hack into political accounts
  • Doxx "anonymous" accounts that didn't use a dedicated email for Twitter

The prominent names on the leak: Hudson Rock also pointed out some prominent users' data popping up on the leak, including that of American politician Alexandria Ocasio-Cortez, Elon Musk's SpaceX, singer Charlie Puth, Google's Sundar Pichai, a US government account and more. 

  • British journalist Piers Morgan, whose name also appeared in the leak, had his account recently hacked. Hudson Rock says it couldn't be a coincidence. 
  • Several other Twitter users have also reported that they were locked out of their accounts for violating rules and when they saw the problematic tweets in question, they were shocked to learn they didn't even tweet those posts. 
  • Even Kannada actor Kishore Kumar G (Kantara) actor who had his Twitter account suspended a few days ago said that it was due to "hacking" and not because he violated their rules. 

Twitter has so far not responded to the reports.

[READ HERE how leaked data can be used against you and some tips on how to stay safe]

You can also check whether your data was in any leak using websites like haveibeenpwned.com. This author also checked whether her email ID or phone number was leaked anywhere, and found that the email was leaked in a Twitter hack among several other company breaches including Domino's India. Fortunately, the website didn't show any leak of the phone number.

Last updated: January 06, 2023 | 13:33
IN THIS STORY
    Read more!
    Recommended Stories