Following a previous database leak containing over 400 million Twitter profiles in December, another database, allegedly a clean version of the previous leak with duplicates removed, is now being sold on a hacking forum for only $2. The database contains 221,608,279 entries.
The database includes email addresses, usernames, follower counts and account creation dates. However, unlike previous leaks, it doesn’t indicate whether or not an account is verified. The data was released in a RAR archive of roughly 59GB, containing six text files.
BleepingComputer verified several email addresses in the breach but also stated that this version still contains duplicates. The entire database has not yet been verified. The database is also far from complete, with many users' information missing from the leak.
Twitter’s API flaw is still causing problems
This leak, the database leaked in December, and an earlier database containing information on 5.4 million Twitter users leaked in November all stem from an API flaw in Twitter that revealed a user's Twitter username when the corresponding email address was entered on the site's login page.
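As an added illustration, not code from the article or from Twitter, the following Python sketch shows an account-lookup endpoint that behaves like the flaw described above (answering differently for registered and unregistered addresses and disclosing the linked handle) beside a hardened version that responds identically either way, plus a simple log check for clients probing many addresses. The account table, IP addresses and emails are constructed placeholders.

```python
# Added example, not code from the article or from Twitter: an account-lookup
# endpoint in enumeration-prone and hardened forms, plus a probe-rate check
# over constructed login-attempt records.
from collections import defaultdict

# Constructed sample account table; the emails and handles are placeholders.
ACCOUNTS = {"alice@example.com": "alice_handle", "bob@example.com": "bob_handle"}


def lookup_leaky(email: str) -> dict:
    """Enumeration-prone: the response differs depending on whether the
    email is registered, and even discloses the linked username."""
    handle = ACCOUNTS.get(email.lower())
    if handle is None:
        return {"status": 404, "message": "No account found for this email."}
    return {"status": 200, "message": f"This email belongs to @{handle}."}


def lookup_hardened(email: str) -> dict:
    """Hardened: same status and body whether or not the email exists.
    Anything account-specific (a reset link, the handle) goes to the
    mailbox itself, never into the HTTP response."""
    ACCOUNTS.get(email.lower())  # perform the lookup, but never expose its outcome
    return {"status": 200,
            "message": "If an account exists for this address, instructions were sent to it."}


def responses_distinguishable(handler, known: str, unknown: str) -> bool:
    """Tester's check: does the handler reveal registered vs. unregistered?"""
    return handler(known) != handler(unknown)


def flag_probing_clients(records, threshold: int):
    """Detection: a client submitting many distinct emails to the lookup
    endpoint looks like a scraper, not a user who mistyped an address.
    `records` are (client_ip, email) tuples taken from access logs."""
    seen = defaultdict(set)
    for ip, email in records:
        seen[ip].add(email.lower())
    return sorted(ip for ip, emails in seen.items() if len(emails) >= threshold)


# Constructed sample records: one ordinary client retrying its own address,
# one client cycling through a list of candidate addresses.
SAMPLE_RECORDS = [("10.0.0.5", "alice@example.com"), ("10.0.0.5", "Alice@example.com")]
SAMPLE_RECORDS += [("203.0.113.9", f"user{i}@example.net") for i in range(25)]
```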
The bug was reported to Twitter through its HackerOne bug bounty program in January 2022 and was fixed immediately; it had been introduced by an update to the codebase in June 2021. At the time, the company found no evidence that it had been exploited.
Later, in July last year, Twitter learned through a press report that the vulnerability had been exploited and that the collected information was being sold. After reviewing a sample of the data the threat actor was selling, Twitter confirmed that the vulnerability had been exploited before it was patched.
Since then, multiple threat actors have been posting versions of these scraped databases on hacking forums, often for free or for a relatively low price.
While this most recent leak only contains email addresses and usernames, it can still be used to conduct phishing attacks, especially against verified or high-follower accounts, as they are usually the more valuable targets. As a user, there is not much you can do now except be on the lookout for phishing emails or links you might receive at your email address or in your Twitter inbox.