The leak that X would prefer you not to be aware of: 201 million email addresses were made public
One of the biggest data breaches in the history of social media platforms may be affecting Elon Musk's social network X, formerly known as Twitter.
The cybersecurity team SafetyDetectives came across a troubling post on the hacker forum BreachForums over the weekend. There, a 34GB file with over 201 million records purportedly connected to X accounts was shared by a user going by the pseudonym ThinkingOne.
Each account's associated email addresses are among the many pieces of metadata included in the file. SafetyDetectives has verified that the sample under review is authentic.
The incident's precise cause is still unknown. It is known that over 200 million accounts are directly impacted by this problem. But if ThinkingOne's assertions are accurate, the issue might be far more serious. The hacker claims that earlier this year, there was a security breach that allowed data from over 2.8 billion accounts to be compromised. The size of this much larger file was about 400 GB.
Even more concerning is the fact that, according to ThinkingOne, neither the public nor the company seem to understand the scope of the issue. He even asserts that he has attempted to get in touch with X via a number of channels but has not heard back.
Even though there are a lot of compromised accounts, not all of them are actual users. Actually, a lot of them might be spammers, bots, or users who have disabled or erased their accounts. According to analytics sites like Statista, there are currently 400 million active users of X worldwide.
In theory, extremely sensitive data like passwords or bank account information are not included in the compromised data. However, ThinkingOne went one step further and contrasted this new hack with the previous one in 2023, which included data from 209 million accounts, primarily emails.
Consequently, information from 201 million active users found in both leaks was compiled into a single archive. When emails and metadata are combined, more complex attacks become possible. This information could be used by criminals to carry out social engineering campaigns, send phishing emails, or carry out other highly specialized and customized scams.