Email addresses linked to more than 200 million Twitter profiles are currently circulating on underground hacker forums, security experts say. The apparent data leak could expose the real-life identities of anonymous Twitter users and make it easier for criminals to hijack Twitter accounts, the experts warned, or even victims’ accounts on other websites.
The trove of leaked records also includes Twitter users’ names, account handles, follower numbers and the dates the accounts were created, according to forum listings reviewed by security researchers and shared with CNN.
“Bad actors have won the jackpot,” said Rafi Mendelsohn, a spokesman for Cyabra, a social media analysis firm focused on identifying disinformation and inauthentic online behavior. “Previously private data such as emails, handles, and creation date can be leveraged to build smarter and more sophisticated hacking, phishing and disinformation campaigns.”
Some reports suggested the data was collected in 2021 through a bug in Twitter’s systems, a flaw the company fixed in 2022 after a separate incident in July involving 5.4 million Twitter accounts alerted the company to the vulnerability.
Troy Hunt, a security researcher, said Thursday that his analysis of the data “found 211,524,284 unique email addresses” that had been leaked. The Washington Post earlier reported a forum listing promoting the data of 235 million accounts.
Hunt did not immediately respond to a question from CNN asking whether the records would be added to his website, haveibeenpwned.com, which allows users to search hacked records to determine if they have been affected. CNN has not independently verified the records’ authenticity.
Twitter didn’t immediately respond to a request for comment. Its communication team, along with roughly half of Twitter’s overall workforce, was gutted after billionaire Elon Musk completed his acquisition the company in late October. The significant staff reductions could now add to concerns about the company’s ability to respond to…