A data leak containing email addresses of 222 million Twitter users has been published on a popular hacker forum. Many experts have analyzed it and confirmed the authenticity of many of the entries in the leaked archive.
Since July 22, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private data (phone numbers and email addresses) and public data on various hacker forums. These data sets were created in 2021 by exploiting a Twitter API vulnerability.
The first data set of 5.4 million users was put up for sale in July 2022 for $30,000 and ultimately released for free on November 27, 2022. Another data set allegedly containing the data for 17 million users was also circulating privately in November.
On January 4, 2023, a threat actor released a data set consisting of 221,608,279 Twitter profiles on the Breached hacking forum for eight credits of the forum’s currency, worth approximately $2.
Unlike previously leaked data collected using this Twitter API flaw, this leak didn’t indicate whether an account is verified.
Read more about it here.