Stolen data on 200 million Twitter users now being given away

Twitter account information on 200 million users, including Google CEO Sundar Pichai and Donald Trump Jr., is now available for free on a hacker forum, according to security researchers.

The researchers at Privacy Affairs, a group of experts in several countries, say the data comes from the same trove of information on 400 million Twitter users that was offered for sale on the dark web for US$200,000 in December.

The data includes account name, handle, creation date, follower count, and email address. It also includes the accounts created by a number of organizations such as SpaceX, CBS Media and the National Basketball Association.

It doesn’t include passwords. Still, the researchers warn “the availability of the email addresses associated with the listed accounts could be used to determine the real-life identity or location of the affected account holders through social engineering attacks. The email addresses could also be used for spam or scam marketing campaigns and for sending personal threats to individual users.”

The hackers claim they got this data through scraping information collected by Twitter from its users. However, the researchers admit they aren’t sure how the data was obtained. The most likely method used could have been the abuse of an application programming interface (API) vulnerability.

Data scraping of Twitter isn’t new. All one has to do is a Google search of “Twitter scraping” to find tips and tools for doing it.

“The simple, structured format of Twitter and its various posting functions makes it relatively easy to navigate and scrape,” James Phoenix wrote last February for a site called Just Understanding Data. The Twitter API does allow users to read and write Twitter data, he added, noting, “Using the Twitter API instead of scraping Twitter data ensures compliance with Twitter’s terms of service, but it’s not as efficient or flexible as using scraping services.”

Privacy Affairs says that on the hacker forum where this data haul is being marketed, a user needs to purchase ‘credits’ to download leaks posted by forum users. The forum poster is offering the data for free; the forum, however, charges a credit (~$2) to initiate a download.
