Twitter data dump: 200m+ account database now free to download

Updated More than 200 million Twitter users' information is now available for anyone to download for free.

This latest data dump, which includes account names, handles, creation dates, follower counts, and email addresses, turns out to the be same — albeit cleaned up — leak reported last month that affected more than 400 million Twitter accounts, according to Privacy Affairs' security researchers, who verified the database that's now posted on a breach forum. 

The halved number of accounts is due to the removal of duplicates, according to Privacy Affairs CEO and founder Miklos Zoltan. "However, this time, the data is available for anyone to download for free, instead of being listed for sale at $200,000, as it was in December," he wrote.

Some of the well-known people and organizations included in the new 63GB database leak include Donald Trump Jr., Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media and the World Health Organization, according to Zoltan's blog post about the breach.

No word on whether the Christmas day hack of British education secretary Gillian Keegan's Twitter account is related. In that case miscreants took over Keegan's account, changed her profile picture to Elon Musk, and posted a series of tweets promoting cryptocurrencies.

Twitter did not respond to The Register's inquiries.

• Stolen info on 400m+ Twitter accounts seemingly up for sale
• More pre-Musk Twitter 1.0 execs leave the building
• Twitter whistleblower Peiter 'Mudge' Zatko lands new gig at Rapid7
• Elon Musk's cost-cutting campaign at Twitter extended to not paying rent, claims landlord

While the leaked data does not include users' phone numbers, physical addresses or passwords, it still poses a risk to the exposed account owners, Zoltan said.

"Privacy Affairs cybersecurity experts reviewed the published data and believe this latest leak could lead to social engineering attacks and doxxing."

The leaked email addresses linked to Twitter accounts can be combined with other publicly available information to determine users' real-life identity and locations. Plus, phishing emails continue to provide a successful entry point for criminals — and nation state thugs — looking to pull off social engineering attacks.

Of course, the published email addresses can also be used by spammers or scam markers, and all they need to do is convince one victim to click on a malicious link.

While this week's data dump contains fewer accounts, it could prove to be more serious because the crooks are giving away the full database for free, researchers warned.

"It is not certain at this moment how exactly this data was obtained," Zoltan noted. "The most likely method used could have been the abuse of an application programming interface (API) vulnerability."

As previously reported, the records were apparently scraped in 2021 via a security flaw Twitter said it fixed last year. ®

Updated to add on Wednesday, January 11

As to where all that account info came from, Twitter has claimed it found “no evidence” that the hundreds of millions of users’ information being sold — and then given away for free — online was obtained by exploiting a bug in its system.

After completing its investigation into the data dumps, Twitter’s incident response team said the 5.4 million exposed user accounts reported in November were the same ones from the earlier August 2022 leak.

Additionally, the 400 million accounts reported in late December “could not be correlated with the previously reported incident, nor with any new incident,” according to a Twitter privacy center blog posted today.

And similarly, the 200 million dataset, which Twitter confirmed was the same as the 400 million but with the duplicate entries removed, “not be correlated with the previously reported incident or any data originating from an exploitation of Twitter systems.”

“The data is likely a collection of data already publicly available online through different sources,” Twitter claimed, noting that it is in contact with various countries’ data protection agencies about the “alleged incidents.”