Data belonging to more than 200 million Twitter users is currently available for anyone to download for free.
This most recent data dump, which includes account names, handles, creation dates, follower counts, and email addresses, turns out to be the same leak, albeit cleaned up, that was reported last month as affecting more than 400 million Twitter accounts. That is according to Privacy Affairs’ security researchers, who confirmed the database currently posted on a hacker forum.
The elimination of duplicate accounts, according to Privacy Affairs CEO and founder Miklos Zoltan, is what cut the number of accounts in half. However, he noted, unlike in December, when it was advertised for sale at $200,000, the data is now freely available for download by anyone.
Some of the well-known people and organisations in the new 63GB database leak, according to Zoltan’s blog post outlining the breach, are Donald Trump Jr., Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media, and the World Health Organization.
There is no evidence as to whether the theft of British Education Secretary Gillian Keegan’s Twitter account on Christmas Day is related. In that case, criminals took over Keegan’s account, changed her profile picture to one of Elon Musk, and then tweeted a series of messages praising cryptocurrencies.
Even if the released information does not include users’ physical addresses, phone numbers, or passwords, the exposed account owners are nonetheless at risk, according to Zoltan.
“Privacy Affairs cybersecurity experts reviewed the published data and believe this latest leak could lead to social engineering attacks and doxxing.”
When combined with other publicly available information, the compromised email addresses linked to Twitter accounts can be used to determine people’s real names and whereabouts. Furthermore, nation-state thugs and criminals continue to successfully launch social engineering attacks using phishing emails as a gateway.
These email addresses can, of course, be used by spammers or con artists as well; all they need to do is convince one victim to click on a dangerous link.
Researchers warned that even if there are fewer accounts in this week’s data leak, it might be riskier because the hackers are giving out all of the data for free.