Over 200M Twitter users’ email addresses leaked, says researcher

The leak may lead to further hacking, targeted phishing, and doxxing, according to the researcher.


Friday, January 06, 2023


Hackers have leaked a database containing over 200 million Twitter users’ email addresses and other unique records on a hacker forum, according to a security researcher.

The database was “circulating heavily” and was subsequently leaked for free on January 4, according to Alon Gal, Co-founder and Chief Technology Officer of Hudson Rock, an Israel-based cybersecurity monitoring company. “This is one of the most significant leaks I've seen,” Gal noted in a LinkedIn post.

The leak “will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing,” Gal said, adding that “agencies around the world will use this database as well to further harm our privacy”.

Gal has shared screenshots of the hacker forum on social media. YourStory could not independently verify if the data on the hacker forum was authentic and came from Twitter. 

Gal first posted about the database leak on LinkedIn on December 24, 2022, noting that the database contained information on 400 million Twitter users, including emails and phone numbers of high-profile users.

Recently, he stated, “I now believe the final count of this database is 235,000,000 users rather than the initial 400,000,000 figure. Further, the database likely contains the email addresses (private information) and public information of Twitter users—but not their phone numbers.”

Gal, however, suspects that “a database with phone numbers of an unknown amount of Twitter users likely exists”.

According to CloudSEK—a contextual AI company that predicts cyber threats—the affected fields include email address, name, screen name/username, account creation date, and follower count. 


“The vulnerability in Twitter’s API enabled threat actors to input phone number/email address to retrieve the Twitter user ID, which in turn enables data scraping,” a CloudSEK researcher said in a statement.

Twitter has not issued an official statement about the data leak, and it was not clear whether the micro-blogging platform had taken any action to investigate or fix the issue. Twitter did not respond to the queries sent by YourStory at the time of publication.

Edited by Suman Singh