More Twitter Users' Data for Sale on the Dark Web

01/06/2023 | Cybercrime, Darknet News, USA

Researchers are alerting the public that data from 200 million Twitter users has been acquired and made available for free on a darknet hacking forum. This seems to be a different dataset than the one we have previously reported.

According to a Privacy Affairs probe, the 63GB of data posted to the Dark Web on January 4 included public account details like the name, handle, creation date, and follower count. The content was obtained, according to the responsible cybercriminal, using data scraping, which is the practice of utilizing automated scripts to extract public data from social media websites. The company discovered that the database also contains email addresses, which aren’t included in the users’ public profiles.

According to Miklos Zoltan, creator of Privacy Affairs, “the availability of the email addresses linked with the listed accounts could be utilized to determine the real-life identity or location of the affected account users using social engineering attacks.” The email addresses could also be used to send individual users threatening emails, spam, or scam marketing campaigns.

The way the email addresses were obtained is still unknown, but according to Zoltan, the “most likely method employed could have been the abuse of an application programming interface (API) vulnerability.” Because of misuse of a Twitter API, phone numbers were linked to Twitter handles in at least one previous instance of a data leak on Twitter.

And thousands of mobile applications were discovered to be leaking Twitter API keys in August.

Other scientists agree with Zoltan’s analysis.

Sammy Migues, lead scientist at Synopsys, stated via email that “API security is the actual story here.” “Refactoring monolithic programs into tens of thousands of APIs and microservices is becoming increasingly popular as the creation of cloud-native apps soars. This effort is undoubtedly expanding far more quickly than the number and quality of application architects who are capable of creating functional secure API and zero trust architectures.”

A request for comment was not immediately answered by Twitter, which has so far kept quiet about the developments.

Scraping Public Profile Data Is a Real Risk

According to Privacy Affairs, the 200 million Twitter records appear to be the same data trove that was advertised for sale for $200,000 in dark markets in December. 400 million profiles were included at the time, but the company claimed that this most recent listing de-duped the database, producing a leaner data set with no repetitions — and it’s now being made available for free download to anyone who wants it.

Aside from the risk of exposing emails linked to Twitter accounts, even the publicly accessible data could be exploited for highly targeted attacks.

Because Twitter handles are frequently used on corporate websites in place of direct contact information, they can act as metatags that attackers can use to track the user’s web presence far outside of Twitter itself. Specifically, they can be cross-referenced with other data that a user may have shared across platforms to create a 360-degree view of a person, including their interests, likes, social circles, and even corporate activity.

Because a large volume of data has been gathered in one convenient database, this process, and the threats it enables, can now be automated. Facebook and LinkedIn have both received penalties and other negative press for prior data-scraping situations, illustrating the potential seriousness of this issue for both social media users and the networks themselves. Who could forget the earlier Cambridge Analytica incident, in which a staggering number of public user profiles and posts were scraped and used to target political messaging to site users?

Best practices still hold true when it comes to safeguarding against any further hacks (or influence targeting), according to Jamie Boote, associate software security consultant at Synopsys.

He replied by email, “As always, malicious actors have your email address.” “Users should update their Twitter password and make sure it isn’t used on any other websites in order to be safe. To prevent phishing attempts going forward, it’s usually advisable to just delete any emails that appear to be from Twitter.”

Another lesson to be learned is to use caution when posting information publicly on social media to prevent giving hackers access to rich data profiles.