A database containing more than 200 million email addresses of Twitter users has leaked in the last few hours. As reported by BleepingComputer, the list, published on a hacker forum, also includes usernames and real names, profile creation dates and follower counts. Fortunately, account passwords have not been affected. Even so, the event represents a serious security risk for those affected.
It is worth clarifying that the information that has come to light does not correspond to a recent hack. Researchers have managed to trace the source of the leak back to 2021, when malicious actors were able to exploit a vulnerability in the Twitter API. Through it, they managed to enter phone numbers and email addresses en masse to check if they were associated with accounts on the social network. Then, with a bug in another API, they were able to extract the details of the profiles in question.
Twitter fixed the security flaw in January 2022, but did not publicly report it until August. In subsequent months, several batches of user data began to appear on the web. However, it was not until last November, when a hacker claimed to have a database belonging to 400 million accounts created on the platform, that the case gained notoriety.
According to the analysis carried out by BleepingComputer, everything indicates that the list of 200 million email addresses is the same one that appeared at the end of last year, with the difference that it has been purged to remove data that appeared to be duplicates. Even so, it has been shown that the list still includes repeated information.
Is my email address part of the Twitter leak?
The experts who analyzed the case have come to the conclusion that it all depends on whether the email address you use on Twitter has been part of a previous leak. If your email address has been obtained by scrapers from other websites, there is a high chance that it has ended up in the disclosed database.
Luckily, there is a way to check if your email was part of this Twitter leak. Troy Hunt, the creator of the website Have I Been Pwned?, added more than 200 million email addresses to his popular platform, so that when you enter yours you can find out whether it is in the hands of hackers. You will also be notified of all previous leaks in which your email has been involved.
In fact, Hunt himself indicated on Twitter that 98% of the emails in the database have been leaked multiple times.
When it comes to what to do if your email address has been part of the Twitter leak, you have a couple of possibilities. The first and most logical is to change the email associated with your account on the social network. You can do this from Settings and privacy > Your account > Account information > Email. There you can update your address to a different one.
If you prefer a more drastic solution to deal with the leak, you can create a new email account and another Twitter profile. This depends on whether you are willing to lose your current followers, which in turn depends on how many you have. Whichever option you choose, don't forget to use a strong password and turn on two-step verification or two-factor authentication.
It is also important to pay special attention to the emails you receive in your mailbox. The data included in the Twitter leak can be used in attempts at scams, impersonation or doxxing.