While trolling through the dark web this week, I found my Twitter account’s data.
A dark web site this month released a data set of 200 million Twitter profiles. That’s where I found my account’s data. I know my data hadn’t been revealed in earlier releases because I’d checked then. In my business, I take security seriously.
On Wednesday, Twitter said that “there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.”
The company suggests the newly exposed account data in December and January (yes, this is the second recent release) is “likely a collection of data already publicly available online through different sources.”
Sure, Twitter has already admitted that there was a leak of user data, which was reported on in November 2022. But, according to Twitter, that was all data of about 5.4 million user accounts that had been exposed in August. That’s still 5.4 million too many.
That data appears to have come from a 2021 hack. In that attack, a hacker abused an application programming interface (API). With it, email addresses were connected to Twitter profiles. The results include public Twitter profile data, such as names, usernames, and follower counts.
So far, so, relatively harmless. But, then, the attacker used another API to scrape this data and used it to pull out private email addresses and phone