Twitter Data Leak Leaves 200 Million Account Email Addresses Exposed

Published on
January 21, 2023
Hailey Carlson

Twitter Data Leak Leaves 200 Million Account Email Addresses Exposed

Over 4.5 billion people around the world use social media on a regular basis. As one of the primary ways we stay informed about what is going on in the world today, social media has become a major factor in many of our lives. Facebook, Instagram, and LinkedIn rank among the most used social media platforms today - also on this list, wrapping up the top 10, is Twitter with 217 million monthly active users. Twitter has been in the news quite a bit recently - from the drawn out purchase of Twitter by Elon Musk to the responses by employees and users following this leadership change, Twitter has been everywhere lately. The social media business finds itself in the news yet again for another unfavorable reason. Twitter has a history of cybersecurity issues dating back to early 2009 where a hacker gained access to the accounts of 33 high-profile users. More recently, the company experienced a hack which resulted in data for 5.4 million user accounts being published online by the attackers. 

Now, Twitter’s latest cybersecurity contention comes to us in the form of a data leak, impacting 200 million accounts. The data, which in this case consists of user email addresses, was accessed via data scraping - a form of information gathering in which data is scraped from websites and imported into a spreadsheet on the scraper’s device. While it is legal to scrape publicly available data, the data accessed in this particular leak was initially accessed following an application programming interface (API) vulnerability which was accessed over the course of eight months from 2021 to 2022. The data accessed in this event solely consisted of email addresses, however, this data was used to expose a link between Twitter accounts and email addresses, which is particularly problematic for those users who use pseudonyms and prefer to remain anonymous from the profile they operate on Twitter. 

Twitter addressed this leak recently, stating that the company has conducted “a thorough investigation” in which “no evidence” of the data solid online was taken by exploiting a Twitter vulnerability, despite researchers stating that this data set of roughly 200 million accounts is allegedly a cleaned up version of the 400 million breached accounts accessed via a zero-day security vulnerability.

Users can check to see if their data was involved in this incident, or any of the other leaks and breaches recently experienced by Twitter, through a multitude of “have I been breached” sites, including through the Twitter account @HaveIBeenPwned (a pseudonymic profile, likely impacted itself by the recent data scraping issue).

Image by coolvector for Freepik.