Cyber-security researchers have found a data dump comprising over 200 million Twitter users, that was earlier being sold for $200,000.
The data, including email address, name, screen name/username, account creation date and follower count was offered for 8 forum credits on a famous hacker forum, that amounts to $200,000, according to the team from AI-based cyber-security firm CloudSEK.
“The vulnerability in Twitter’s API, enabled threat actors to input phone number/email address to retrieve the Twitter user ID which in turn enables data scraping,” said a CloudSEK researcher.
Last month, a hacker claimed to have stolen the data of nearly 400 million Twitter users and put it up for sale on the dark web.
On January 4, a new user on the hacker forum with the username StayMad, leaked the affected Twitter user database containing over 200 million records, that was earlier being offered for $200,000 by the threat actor with username Ryushi at the same English-language speaking cybercrime forum.
According to CloudSEK researchers, it was observed that the count of compromised records was found to be over 200 million as compared to the announcement made on December 23, 2022 stating that 400 million records were gathered, “the reason being the presence of duplicate records”.
The threat actor shared two files, one of which displayed the user account data scrape, found to be from over 221 million Twitter accounts and the second file displayed the scraped data, from over 100,000 verified accounts, the researchers noted.