Twitter data compromised as Hacker offers over 200 million stolen user details for free

Solomon Ekanem 13:30 - 06 January 2023

The Twitter logo seen displayed on a smartphone with Elon Musk's account in the background.

Special media platform, Twitter has suffered another compromise as over 200 million user details have been distributed on a hacking forum for free weeks after a hacker threatened to leak the stolen data.

The stolen details which were created by exploiting a Twitter API vulnerability in 2021, contained email addresses used by Twitter users to set up accounts and according to tech website Bleeping computers, have been offered for as low as $2 on a popular hacker forum.

The Washington Post puts the number of hacked user details at 235 million while acknowledging that the action would set the stage for the influx of anonymous identities to be linked to real-world identities via the stolen emails.

Twitter has, for a while been bedeviled with a lot of compromises as hackers have continued having a field day attacking their database while user details have been stolen in massive quantities.

Hackers had in July 2022, taken advantage of a flaw in Twitter's database to steal details of over 5.4 million Twitter account handles, associated emails and phone numbers which they intended to sell off to interested buyers.

In August 2022, Twitter had revealed that it discovered this vulnerability when it was accidentally introduced during a code update in January 2022, seven months earlier.

The BBC reports that though it was yet to confirm the data leak, nor verify the information in the leaked details, there were possibilities that some of the data released in this fashion often turn out to contain duplicate, old or fake information.

However, an expert in this issue, Alon Gal of cyber-crime information firm, Hudson Rock, spotted the leak and also confirmed it was a significant data leak as it contained more than 200 million email addresses.

Mr Gal told the BBC it would "unfortunately lead to a lot of accounts getting hacked, targeted with phishing, and doxxed".

Also quoted by the Washington post, Gal added that “This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further”.

Bleeping Computer confirmed it had downloaded the data and the email addresses stolen were correct for many of the listed Twitter profiles. The Tech website also advised that Twitter users should be on alert to quickly monitor and report targeted phishing scams that may attempt to steal passwords or other sensitive information.