Skip to content

Another Twitter database with over 200 million profiles leaked

  • by
  • 3 min read

Following a previous database leak containing over 400 million Twitter profiles in December, another database, allegedly a clean version of the previous leak with duplicates removed, is now being sold on a hacking forum for only $2. The database contains 221,608,279 entries. 

The database includes email addresses, usernames, follower counts and account creation dates. However, unlike previous leaks, it doesn’t indicate whether or not an account is verified. The data was released in a RAR archive of roughly 59GB, containing six text files.

BleepingComputer verified several email addresses in the breach but also stated that this one has duplicates as well. The entire database has not been verified at the moment. The database is also far from complete, with many users’ information missing from the leak. 

Twitter’s API flaw is still causing problems

This leak, in addition to the database leaked in December and a previous database containing information of the 5.4 million Twitter users leaked back in November, all stem from an API flaw that Twitter had which revealed users’ Twitter usernames when a corresponding email address was typed into the site’s login page. 

Twitter fixed the bug upon discovery via its HackerOne bug bounty program in January 2022. It resulted from an update to the codebase made in June 2021. The company immediately fixed the issue but found no evidence of any exploits.

This is an image of data breach featured cybersecurity 113 e1666861228304

Later in July last year, Twitter learned through a press report that the vulnerability had been explored and the information collected was being sold. After reviewing a sample of the data that the threat actor was selling, Twitter could confirm that the vulnerability had been exploited before it was patched. 

Since then, multiple threat actors have been posting versions of these scraped databases on hacking forums, often for free or for a relatively low price. 

While this most recent leak only contains email addresses and usernames, it can still be used to conduct phishing attacks, especially on verified or high-follower accounts, as they’re usually the more valuable target. As a user, there’s not much you can do now except be on the lookout for any phishing emails or links you might receive on your email address or Twitter inbox. 

In the News: Samsung teases hybrid slidable and foldable portable displays

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of https 3344700 1280

SSL.com patches abused certificate issue vulnerability

Photo: koshiro k/shutterstock. Com

OpenAI report claims its latest models hallucinate more

What is a hack? 9 different types of hackers you must know about

New RustoBot malware hijacks routers to inject commands

This is an image of wordpress featured 9924

Ad-fraud operation monetises piracy via WordPress plugins

Photo: koshiro k/shutterstock. Com

OpenAI’s o3 model scores lower than initially promised

  • by
  • AI, In News
This is an image of spyware on pc

Russian hosting provider abused for malware delivery

>