A leaked database of more than 235 million Twitter user e-mail addresses has been published online.

Alon Gal, CTO of security firm HudsonRock, shared the news in a post on LinkedIn. Gal reports that a major Twitter database has been publicly leaked after circulating for some time.

According to the CTO, the data appeared on an online hacker forum around Christmas. Leaked e-mail addresses and other personal data were obtained through an unsecured API.

The API allowed unauthorized users to query e-mail addresses and phone numbers to surface Twitter profiles. The leak reportedly existed until early 2022.

Wave of attacks

In his statement, Gal says that the newly leaked data is likely to lead to a wave of phishing attempts and cyberattacks.

Gal expects cybercriminals to target crypto-related profiles, famous people, accounts with valuable usernames and political organizations.

No response

Earlier estimates suggested the breached database contained information on 400 million Twitter users. The breach reportedly kept growing until early 2022. Twitter has not responded to Gal’s claims at the time of writing.

Late last year, the Irish privacy regulator Data Protection Commission (DPC) announced it was launching an investigation into an earlier Twitter data breach.

This incident involved the publication of the data of 5.4 million users stolen in 2021. Like the more recent incident, the breach was reportedly caused by a Twitter API.

Tip: Cybercriminals sell data of 400 million Twitter users