“This is one of the biggest leaks in history.” On Wednesday, January 4, the Israeli cybersecurity company Hudson Rock revealed on Twitter that the social network had been the subject of a massive data leak. The information was quickly picked up by English-language media such as the Washington Post and the Guardian.
Twitter database leaks for free with 235,000,000 records.
The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.
This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ
— Hudson Rock (@RockHudsonRock) January 4, 2023
“The file contains the personal data of 235 million Twitter users and their email addresses, and will unfortunately lead to a large wave of hacking, targeted phishing and doxxing (disclosure of personal information with the aim of harming a person),” Hudson Rock lamented in its tweet.
Data accessible for two euros
235 million… or more than half of the Twitter accounts in the world. The social network had 436 million monthly users in January 2022. The email addresses of these Internet users are now publicly available on a famous hacker forum, Breached. Downloading them would only cost a few site credits, the equivalent of around two euros.
In a detailed article, the Tribune explains that, according to comments made on said forum, the hack took place at the end of 2021 due to a flaw in the Twitter API. This tool allows sites to retrieve public data from the social network, for advertising purposes, for example.
However, due to a malfunction, the Twitter API also made it possible to discover private data. This bug was apparently exploited for several days by an individual who ended up collecting data from millions of users. The existence of such a malfunction was confirmed by Twitter in August, after a much less massive leak (5.4 million accounts). Neither Twitter nor Elon Musk, however, reacted to the incident revealed in early January.
The Irish regulator is looking into the matter
Already at the end of December, a hacker nicknamed Ryushi had claimed to hold the personal data of 400 million Twitter subscribers, and was asking for $200,000 to sell them exclusively. This time, the data is accessible almost free of charge on the Breached forum, and without having to go through the “dark Web”. Experts fear this will lead to massive cryptocurrency or parcel delivery scams.
After the December incident, the Irish Data Protection Commission (DPC) announced it was looking into Twitter’s compliance with the European General Data Protection Regulation (GDPR). This Irish equivalent of the French Cnil (National Commission for Computing and Liberties) is Twitter’s regulator on behalf of the European Union, since the company’s regional headquarters are in Dublin.
On January 4, the day of the announcement of this massive leak, the Irish authority severely sanctioned Facebook and Instagram for violating the GDPR. The first social network was fined 210 million euros, and the second, 180 million.