Hacker put 200M users’ private information up for grabs

200 million Twitter users’ personal information, including email addresses, was sold after publishing the personal information of 400M users in the last week of December 2022.

The hackers behind the previous December breach demanded $200,000 from Twitter in an attempt to return the stolen data and warned that if the demand is not fulfilled, the data will be released for free. The latest data set posted on a hacker forum has been traced back to a similar breach from December 2022.

Researchers at Privacy Affairs confirmed that the data set was leaked on the same hacker forum as early as December. The number 200 million, in this case, is the result of removing duplicates. The released dataset does not contain phone numbers. The researchers warn that these data sets could be used to launch social engineering or “doxing” campaigns.

The original dataset was 63GB, but after removing duplicates and compressing the files, the size of the latest dataset was reduced to 4GB and is free to download.

The hackers also noted that an analysis of the original file date and account creation date “strongly suggests” that it was collected from early November 2021 to December 14, 2021.

related: LastPass data breach resulted in $53K in Bitcoin being stolen, according to lawsuit

Many users on Twitter are demanding that the social media platform look at its security because the hack is putting activists and whistleblowers at risk.

Some of the famous and famous names and entities include Sundar Pichai, Donald Trump Jr., SpaceX, CBS Media, NBA, and WHO. The data breach vulnerability has now been patched, but tracking the hack, it seems the same vulnerability was used for another exploit in July 2022.