Social Media Horror Show
Twitter and WhatsApp were recently breached, resulting in more than 500 million users having personal data stolen. Social media attacks provide new opportunities for bad actors to target user accounts with increasingly sophisticated attacks. In this episode, starring Robert Davi as our CFO, Jack, we learn about the malicious methods that bad actors use on social media to potentially infiltrate an organization. Watch to learn more about social media security hygiene and what you can do to protect yourself and your organization from social media attacks!
A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and cybercrime marketplaces.
These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.
Though Twitter fixed this flaw in January 2022, multiple threat actors have recently begun to leak the data sets they collected over a year ago for free. The first data set of 5.4 million users was put up for sale in July for $30,000 and ultimately released for free on November 27th, 2022. Another data set allegedly containing the data for 17 million users was also circulating privately in November. More recently, a threat actor began selling a data set that they claimed contained 400 million Twitter profiles collected using this vulnerability.
A threat actor released a data set consisting of 200 million Twitter profiles on the Breached hacking forum for eight credits of the forum’s currency, worth approximately $2.
This data set is allegedly the same as the 400 million set circulating in November but cleaned up to not contain duplicates, reducing the total to around 221,608,279 lines. However, BleepingComputer’s tests have also confirmed duplicates in this latest leaked data.
The data was released as a RAR archive consisting of six text files for a combined size of 59 GB of data. Each line in the files represents a Twitter user and their data, which includes email addresses, names, screen names, follow counts, and account creation dates, as shown below.
Unlike previously leaked data collected using this Twitter API flaw, today’s leak does not indicate whether an account is verified. While BleepingComputer has been able to confirm that the email addresses are correct for many of the listed Twitter profiles, the full data set has obviously not been confirmed.
Furthermore, the data set is far from complete, as there were many users who were not found in the leak. Whether or not your information is in this data set highly depends on whether your email address was exposed in previous data breaches. In 2021, the threat actors created massive lists of email addresses and phone numbers that were exposed in previous data breaches.
The scrapers then fed these lists into the API bug to see if your number or email address was associated with a corresponding Twitter ID with the email or phone number. If your email address is only used at Twitter or was not in many data breaches, it would not have been fed into the API bug and added to this data set. BleepingComputer has contacted Twitter regarding this leaked data but has not received a response to this or our previous emails.
Is your email in the leak?
Data breach notification service Have I Been Pwned (HIBP) has added the Twitter data leak to its system and has begun notifying subscribers if their email was found in the data set.
Troy Hunt, the creator of HIBP, told BleepingComputer that there is a total of 211,524,284 unique email addresses in the leak, down from the original number of 221,608,279 lines.
To check if your email is part of the Twitter leak, you can visit Have I Been Pwned and search with your email. If your email is part of the leak, HIBP will notify you with the list of detected data breaches, including the Twitter one, shown below.
200 million Twitter users’ email addresses allegedly leaked online
WhatsApp data leaked – 500 million user records for sale online
https://cybernews.com/news/whatsapp-data-leak/
LinkedIn Adds Verified Emails, Profile Creation Dates
https://krebsonsecurity.com/2022/11/linkedin-adds-verified-emails-profile-creation-dates/
Best Practices: Safe Social Networking
https://www.technology.pitt.edu/security/best-practices-safe-social-networking
Social Media & Threats
https://www.cio.gov/2020-10-13-Social-Media-and-Threats/
