Hacked! My Twitter user data is out on the dark web -- now what?

RV_ · January 13, 2023

Excerpt:

"Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.

While trolling through the dark web this week, I found my Twitter account's data.

A dark web site this month released a data set of 200 million Twitter profiles. That's where I found my account's data. I know my data hadn't been revealed in earlier releases because I'd checked then. In my business, I take security seriously.

On Wednesday, Twitter said that "there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems."

The company suggests the newly exposed account data in December and January (yes, this is the second recent release) is "likely a collection of data already publicly available online through different sources."

Sure, Twitter has already admitted that there was a leak of user data, which was reported on in November 2022. But, according to Twitter, that was all data of about 5.4 million user accounts that had been exposed in August. That's still 5.4 million too many.

That data appears to have come from a 2021 hack. In that attack, a hacker abused an application programming interface (API). With it, email addresses were connected to Twitter profiles. The results include public Twitter profile data, such as names, usernames, and follower counts.

So far, so, relatively harmless. But, then, the attacker used another API to scrape this data and used it to pull out private email addresses and phone numbers. The resulting data of approximately 221,608,279 users has been released as a RAR archive. Within it, you'll find half-a-dozen text files adding up to 59GB of user data.

According to Have I Been Pwned (HIBP)'s founder Troy Hunt, 211,524,284 unique email addresses have been revealed. And now, whether from that known leak or not, mine has too. American Express and Experian IdentityWorks have both contacted me to tell me my data has been revealed.

How can you tell if your account's information has been revealed? Run your e-mail address through Have I Been Pwned.If you see the message below, you''ve been hacked.

If you see this message on Have I been Hacked, well, yes, yes you have been.

sjvn

What you should do if your Twitter data was compromised

So what can you do about it if your Twitter data is out there, too? Well, as American Express told me, be even warier than usual about possible phishing and spam attacks. For example, if you get an email message promising you great pet insurance for your dog Spot and you've shared many photos of Spot on Twitter, take a long, hard look at the note before responding to it. In particular, look carefully at any URLs in these messages."

Source:

https://www.zdnet.com/article/hacked-my-twitter-user-data-is-out-on-the-dark-web-now-what/