Date: 2023-01-05

Someone has posted a database of over 200 million email addresses used for Twitter accounts on the dark web and is selling it for a handful of dollars: just $2.

According to BleepingComputer, which managed to confirm the authenticity of at least some of the email addresses posted in the ad, this isn’t a new leak, but rather a recycling of data previously leaked via a flawed API call.

In 2021, a vulnerability in the Twitter API was discovered that allowed attackers to enter email addresses or phone numbers into Twitter to see whether or not they were associated with an active Twitter account. Some may recall that when they tried to log into Twitter with a valid email or phone number, even if the password was incorrect, the platform would still display the ID and profile name of the account associated with those credentials.
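The enumeration flaw described above can be illustrated with a login handler that leaks account data on a failed attempt, next to a hardened version that does not. This is an added example, not Twitter's code; the account store, function names and response fields are hypothetical and the sample data is constructed.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed sample account store; every value here is made up.
_SALT = os.urandom(16)
ACCOUNTS = {
    "alice@example.com": {"id": 1001, "name": "Alice", "salt": _SALT,
                          "pw": _hash("correct horse", _SALT)},
}
# Dummy credentials so unknown identifiers cost the same work as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_PW = _hash("dummy", _DUMMY_SALT)

GENERIC_FAILURE = {"ok": False, "error": "Invalid identifier or password."}


def login_vulnerable(identifier: str, password: str) -> dict:
    """Behaviour the article describes: a wrong password still reveals
    the ID and profile name tied to a valid email or phone number."""
    acct = ACCOUNTS.get(identifier)
    if acct is None:
        return {"ok": False, "error": "No such account."}
    if not hmac.compare_digest(_hash(password, acct["salt"]), acct["pw"]):
        return {"ok": False, "error": "Wrong password.",
                "id": acct["id"], "name": acct["name"]}
    return {"ok": True, "id": acct["id"], "name": acct["name"]}


def login_hardened(identifier: str, password: str) -> dict:
    """Same body for every failure; account data only after full auth."""
    acct = ACCOUNTS.get(identifier)
    salt = acct["salt"] if acct else _DUMMY_SALT
    expected = acct["pw"] if acct else _DUMMY_PW
    # Always run the hash so response time does not depend on existence.
    matches = hmac.compare_digest(_hash(password, salt), expected)
    if acct is None or not matches:
        return dict(GENERIC_FAILURE)
    return {"ok": True, "id": acct["id"], "name": acct["name"]}
```

Uniform responses close the oracle itself; per-client rate limiting on the endpoint is still needed to slow bulk guessing.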

Clean up old leaks

Hackers then used a separate API to scrape the public Twitter data for the IDs and compared it with email data to generate a list of Twitter accounts.

A year later, in 2022, threat actors began selling databases generated in this way. The original database, with more than five million entries, went on sale in mid-2022 for $30,000. The database was then reduced to 400 million entries (probably after eliminating duplicates, fake accounts, etc.), and now there are exactly 221,608,279 lines left.

Still, the publication found that this database also has duplicates and is not completely clean.

In total, the threat actor published a set of six text files, combined in a .RAR archive, weighing about 59 GB.

Each line in the file carries certain identity-related information: a Twitter user and their email address, name, Twitter account, number of followers and creation date. Previous leaks also showed whether the account was verified or not, while this database does not.

Via: BleepingComputer