Following a breach that exposed 400 million users’ private information in the final week of December 2022, 200 million Twitter users’ private information, including their email addresses, was made for sale.
The hacker who perpetrated the December breach had already made a demand of $200,000 from Twitter to return the stolen data, threatening to distribute the information for free if the demand was not met. The most recent data collection disclosed on the hacker site was linked to the same incident that occurred in December 2022.
The disclosed data set on the hacker site is the same as the one from December, according to researchers at Privacy Affairs. In this instance, eliminating duplicates led to the 200 million figure.
There are no phone numbers in the publicly available data collection. The researchers issued a warning that social engineering or “doxing” operations may be started using these data sets.
The data collection was initially 63GB in size, but after duplicates were removed and the files were compressed, the size of the most recent data set was reduced to 4GB and made available for free download.
The hacker said that the data was gathered between early November 2021 and December 2021, according to a study of the original file dates and account creation dates.
Since these breaches put activists and whistleblowers at risk, many Twitter users urged the social media company to look into security.
Sundar Pichai, Donald Trump Jr., SpaceX, CBS Media, the NBA, and the WHO are a few of the well-known and well-liked individuals and organizations. Now that the vulnerability for a data leak has been addressed. However, returning to the attack, it appears that the same exposure was used in July 2022 for another exploit.