Massive amounts of data about Twitter users, linking account names to email addresses, have been released for free by hackers.
Many people are not too worried about their email address falling into the hands of criminals. But here’s why you should worry about it.
On December 23, 2022, a user announced on a popular hacking forum that he had exploited a vulnerability in Twitter’s API to obtain the private data of 400 million users. He provided a sample of that data, which included email addresses, names, usernames, account creation dates, number of followers, and in some cases, phone numbers.
While the information was offered for sale, the hacker also offered Twitter to buy the data exclusively, to avoid fines related to the breach.
On January 3, 2023, as reported by Gizmodo, fellow forum user StayMad revealed that the heist was actually “only” 200 million user accounts and did not include phone numbers. . Other users speculated that the data originally put up for sale had been inflated and phone numbers had been added to the sample to raise the price.
StayMad also posted a link to download the data for free as a 67GB archive.
Although the personal data in your email address is limited, it can still cause you some major headaches.
The data is accessible to everyone, not just criminals.
Under normal circumstances, data obtained as a result of a data breach is traded on the dark net, and used by criminals to target you for possible financial gain. Because Twitter data is freely available, it can be used by anyone who is curious, doesn’t like what you say on the platform, or just likes your profile picture.
Instead of being confined to a relatively small community of junkies, your email address can be used and abused by anyone with an internet connection and the patience to spend the day downloading it.
Your email address facilitates bullying
You can post your life on Twitter and other platforms, but there are some details you want to keep off the site, and some people you really don’t want to interact with or hear from. We’ve already shown how easy it is to look up someone’s username on some platforms, but on most platforms you can block someone or, in the worst case scenario, leave them out altogether. If you previously blocked someone on Twitter, they can now email you instead.
Your email security has been compromised
Chances are if you Google your email address, it won’t come up. This means hackers and criminals are unlikely to know about it, and the accounts you use with this email address are unlikely to be targeted. Now that your email address is known to the world, it can be attacked. Criminals can use the information in your Twitter feed to improve the chances of cracking your password or to tailor spear-phishing attacks to increase the chance of success.
You are more vulnerable to “doxing”.
If you have an anonymous Twitter account, or even if you’re just trying to keep parts of your life private, your email address can provide an important clue to your true identity. This may seem like a small detail, but it’s probably a detail that the attackers didn’t have before. It may contain your full name or your place of residence. It may be related to your school or the company you work for. These pieces of information can be added together until they are enough to identify you as an individual, this is doxxing.
Twitter’s data flaw is more dangerous than it seems.
While other recent data breaches have exposed more information, the Twitter data leak offers attackers and thugs the opportunity to tie your email address to intimate details of your life. To prevent this from happening to you in the future, use an email alias when signing up for an account on a platform or service.