A popular hacking platform has published leaked personal data from 235 million Twitter users, marking the second major Twitter data leak in just two months. The leak left millions of social media users vulnerable, with personal information allegedly circulating on the dark web.
While some cybersecurity experts claim the data was leaked through an exploited flaw in Twitter’s API (application programming interface), Twitter has denied fault.
The incident leaves many at risk and raises questions about Twitter’s trustworthiness. Although data security was already a major problem under Twitter’s former ownership, Elon Musk inherited an array of challenges with his controversial takeover.
Personal Information of 235 Million Twitter Users Exposed
The email addresses, phone numbers, and Twitter handles of 235 million users were published on a popular hacking platform. The data set included personal information from many public figures, including Donald Trump, Piers Morgan, and Ricky Gervais. It’s now available for anyone to view and download online.
According to Alon Gal, Co-Founder and CTO of Hudson Rock, the data was most likely obtained by a method called “scraping”. In cybercrime, this is when hackers use computer programs or “bots” to extract data with relative ease and little effort.
Gal also calls the incident “one of the most significant data leaks in history,” saying it will “lead to a lot of accounts getting hacked, targeted with phishing, and doxxing.”
The published data also raises concerns about the safety of people using the platform anonymously to speak out against repressive government regimes and corruption.
With Twitter handles published alongside PII (personally identifiable information), outspoken users can now be linked back to their controversial Tweets and comments. In certain countries, this can result in severe consequences, including long prison sentences without trial.
The data allegedly came from an exploited API flaw in Twitter’s system. However, Twitter denied this claim in a published report outlining findings from investigations by its incident response team.
According to the report, the exposed information matches data from a leak occurring in July, before Musk’s takeover. In November, the same data was put up for sale for $200,000.
How Will Hackers Exploit the Data Leak?
Hackers worldwide will likely seize the opportunity to exploit leaked Twitter data. To avoid falling victim, it helps to know which angles attacks might come from. Here’s a list of the most obvious vulnerabilities:
- High-profile accounts. Accounts with many followers are a major target, as cybercriminals can use them for spreading malware. If you have a high-profile account, change your password and Twitter email address.
- Crypto Twitter accounts. Given the financial nature of crypto accounts, they will likely be prime targets for hackers. Cybercriminals will likely prioritize personal accounts associated with high-profile cryptocurrency accounts.
- Political accounts. Politicians’ accounts are high-profile accounts with extra cause for becoming targets. They may be attacked by hackers politically opposed to their views, policies, and ideas.
- Doxxing anonymous accounts. Doxxing is the act of revealing personally identifiable information about a person who wishes to stay anonymous. This can be a major problem for people anonymously speaking out against corruption of authoritarian governments.
- Social-engineering attacks. Social-engineering attacks use psychological manipulation to gain a victim’s trust before exploiting them. Now that hackers might have your email address and phone number, pay special attention to contact from unfamiliar persons.
We can’t protect you from social engineering attacks if your data is already on the platform, but we can protect you from hackers and snoopers on your network. CyberGhost VPN uses government-grade encryption to scramble your internet traffic so hackers can’t intercept your data.
Twitter Faces Class-Action Lawsuit For Alleged Exploit
Despite Twitter’s defensive position, one New Yorker is suing the social media company for $5 million in the Northern District of California. The lawsuit launched by Stephen Gerber claims the leak occurred because of an exploit of an API flaw.
Gerber is also accusing Twitter of “burying its head in the sand,” and believes Twitter took deliberate steps to conceal the issue.
The lawsuit is on behalf of everyone affected by the breach and claims people’s personal information is now being distributed on the dark web. With stark counterclaims from Twitter and the plaintiff, the lawsuit is sure to render interesting results.
Another Stain On Twitter’s Problematic Privacy History
This incident isn’t the first time the social media firm has come under fire for privacy protection concerns. In May 2022, the Federal Trade Commission (FTC) took action against Twitter for “deceptively using account security data to sell targeted ads.” Twitter paid $150 million for the violation and has since been under close scrutiny from the FTC.
In August 2022, Twitter’s former head of security, Peiter Zatko, blew the whistle, alleging the company deliberately misled regulators about security practices. He also claims the firm neglected to address disinformation bots on the platform.
While these issues occurred under Twitter’s previous ownership, it doesn’t make them less troublesome for Elon Musk. The new owner has come under fire since his controversial takeover for a number of reasons. While many support his new policies, others have questioned his ability to manage what he calls “the digital town square.”
Is Elon Stepping Down?
On December 19, 2022, Musk launched a poll on Twitter asking “should I step down as head of Twitter?” He also stated he would “abide by the results” of the poll.
After more than 17.5 million votes, a majority of 57.5% voted he should step down. He then stated he’ll resign as CEO when he finds someone “foolish enough to take the job.”
Musk had already signaled his intention to step down as head several weeks earlier, in November. He told the courts about his plans to “reduce” his time at Twitter and find someone else to take his position.
Protect Yourself On Twitter
Twitter’s recent history is characterized by extreme turbulence and instability. If you wish to use the platform safely and anonymously, dedicate an email address solely for Twitter use. By making sure it doesn’t have any PII, you can enjoy the platform knowing your activity can’t be linked back to you.
It may also be worth considering Twitter alternatives which are growing in popularity. Twitter is currently a major target for cybercriminals but hackers are less likely to target smaller social platforms.
Consider adding a VPN to your digital toolkit to protect you and your data online. Our state-of-the-art VPN encrypts your internet traffic, minimizing how much information websites collect about you. It also safeguards you from attacks on public Wi-Fi. Get CyberGhost VPN to stay private and in control of your online data.