Security experts have warned that email addresses linked to over 200 million Twitter profiles are being circulated on underground hacker forums, which could potentially expose the identities of anonymous users and make it easier for cybercriminals to take over Twitter accounts or victims’ accounts on other websites. The leaked data includes users’ names, account handles, follower numbers, and creation dates.
It is believed that the data was collected in 2021 through a bug in Twitter’s systems, which the company fixed in 2022 after a separate incident in July involving 5.4 million Twitter accounts alerted them to the vulnerability. The leaked data could be leveraged to build smarter and more sophisticated hacking, phishing, and disinformation campaigns. The extent of the leaked data could connect anonymous Twitter handles with the real names or email addresses of their owners, posing a risk to journalists, activists, dissidents, or other at-risk users around the world.
The risk is particularly high for users who use the same account credentials on Twitter as they do for other digital services, such as banks or cloud storage, because hackers could use the information to gain access to user accounts elsewhere. Twitter has not yet commented on the leak.