twitter user info leak


Florian


It's interesting how they exploited the API but, imho, it has less of an impact outside of ID of anonymous accounts (which, if they added a phone number too, is kinda their fault if they wanted to stay anonymous). It adds to phishing lists, sure, but email and phone number are not really private information in this day and age.


6 hours ago, Grubbslinger said:

It's interesting how they exploited the API but, imho, it has less of an impact outside of ID of anonymous accounts (which, if they added a phone number too, is kinda their fault if they wanted to stay anonymous). It adds to phishing lists, sure, but email and phone number are not really private information in this day and age.

Phone numbers leaking can be really bad if they are also tied to, let's say, a big wallet on some cryptocurrency exchange platform with an option to recover the account by text. Those people are just a SIM swapping attack away from losing all their funds. Cryptobros love bragging about being rich on Twitter and some of them are not the sharpest tools in the shed; I bet a huge chunk of them are using the same phone number everywhere. 😅


I did take a look and as far as I can see, it contains the following information:

 "id": (KAZU NOTE: Twitter ID, this is given to an account when it's created and never changes even when the handle is changed; it is used by Twitter to keep track of accounts and is public)
  "name": (KAZU NOTE: often contains the first and/or last name of the person, or alternatively just the screen name if no real name)
  "screen_name":
  "location": (KAZU NOTE: often
  "url":
  "description": (KAZU NOTE: Twitter bio)
  "protected":
  "followers_count":
  "friends_count":
  "listed_count":
  "created_at": (KAZU NOTE: lists the exact time and date when the account was created, down to the second)
  "favourites_count":
  "verified":
  "statuses_count":
  "is_translator":
  "profile_image_url_https":
  "default_profile_image":
  "translator_type":
  "email":

While most of the information provided is not considered private information, besides maybe email to some limited degree, it is still something that can be of low-medium security risk and medium privacy risk, as it can be abused under the right circumstances to enrich or provide a starting point for OSINT activities, which can naturally lead to finding further information that can then be used for phishing and so forth. But the information in the leak itself has limited impact from a security standpoint.

Also, no passwords or phone numbers appear to be included in the leak, although there's already an old leak with 18mil emails and passwords in it floating around, so you can use that one to enrich this one with that extra information, I guess.

Edited by kazukidevnull

I hate that I cannot edit posts after a while, as I wrote this late at night when my head barely functioned and now I see a bunch of errors I would've liked to fix >_<

The location note was supposed to be removed, and I dunno what some of the fields mean, such as "translator_type", "is_translator" and "listed_count".

Edited by kazukidevnull

15 hours ago, kazukidevnull said:

I did take a look and as far as I can see, it contains the following information:

 "id": (KAZU NOTE: Twitter ID, this is given to an account when it's created and never changes even when the handle is changed; it is used by Twitter to keep track of accounts and is public)
  "name": (KAZU NOTE: often contains the first and/or last name of the person, or alternatively just the screen name if no real name)
  "screen_name":
  "location": (KAZU NOTE: often
  "url":
  "description": (KAZU NOTE: Twitter bio)
  "protected":
  "followers_count":
  "friends_count":
  "listed_count":
  "created_at": (KAZU NOTE: lists the exact time and date when the account was created, down to the second)
  "favourites_count":
  "verified":
  "statuses_count":
  "is_translator":
  "profile_image_url_https":
  "default_profile_image":
  "translator_type":
  "email":

While most of the information provided is not considered private information, besides maybe email to some limited degree, it is still something that can be of low-medium security risk and medium privacy risk, as it can be abused under the right circumstances to enrich or provide a starting point for OSINT activities, which can naturally lead to finding further information that can then be used for phishing and so forth. But the information in the leak itself has limited impact from a security standpoint.

Also, no passwords or phone numbers appear to be included in the leak, although there's already an old leak with 18mil emails and passwords in it floating around, so you can use that one to enrich this one with that extra information, I guess.

Excellent breakdown! I agree that it is low to medium risk; I would just not set off the octoalert for this as a breach.


1 hour ago, Grubbslinger said:

Excellent breakdown! I agree that it is low to medium risk; I would just not set off the octoalert for this as a breach.

Well, I try, although it's not easy when my head is kicking and screaming because it has had enough, but I insist on keeping going 😂

Tbh, as mentioned, compared to the leak a while back of 18m emails and passwords, this one is barely worth worrying about, as from what I understand the information was gathered using a Twitter API which I am pretty sure is close to, if not exactly the same as, the API all the Twitter OSINT services out there are using. Heck, if I am not mistaken, I can easily (or could before Elon arrived) just ask Twitter for an API which provides most of this information if I stated it was for statistical/research/development purposes.

So I think the biggest value of this one is the fact that I got general information on 5.4m accounts collected neatly in a JSON file which I can easily throw into an Elasticsearch DB for future investigations instead of having to try to collect it all on my own using Twitter's API or third-party services.

Also, let's be honest, 5.4m accounts is almost laughably small, with only a couple of percent actually being affected. For instance, through the years I have created multiple Twitter accounts, some of which I never use anymore, but when I tried searching for them using the emails or handles, I got no results. Maybe this is because it seems the people literally started scraping the API from the start incrementally, so it never got to any of mine, but still, it's not that much in the grand scheme of things considering Twitter's latest numbers are close to 250mil.

Edited by kazukidevnull

However, as mentioned in the article which OP posted, it seems there's an even larger Twitter leak floating around which affects 17m accounts and may contain more sensitive information than the ones mentioned earlier, using the same vulnerability, which gave more access to information than I initially thought, so I expect to see more Twitter-related leaks in the future.

Also, it has come to my attention that while the majority of the entries listed and the ones I viewed (which was a couple of hundred) did not contain any entry field for phone numbers, it seems the entry field is not present unless a phone number is present, and thus I believed in error that it did not contain any phone numbers. However, after doing a simple grep for "phone" on the file, it only returned around 190.954 entries with a phone number, which is not just a few but not that many in the scheme of all things.

Despite the information mentioned above, my initial assessment of this current leak of 5.4m accounts remains the same, with it being more a risk to privacy than actual security, with a slight increase of privacy risk but not enough to justify changing it from medium risk.

Edited by kazukidevnull
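As an added example (not code from anyone in this thread), a small Python script that loads a dump in the record shape described above, counts how many records actually carry an optional key such as "phone" (the key is absent rather than empty, which is why eyeballing a few hundred entries misses it), and checks whether one's own handles or e-mail addresses appear in it. The sample records are constructed; any real dump would be passed in instead.

```python
import json
from collections import Counter

# Constructed sample in the shape the thread describes: one profile record
# per account; "email" and "phone" only appear when the account had one.
SAMPLE_DUMP = """[
 {"id": 1001, "screen_name": "alice_example", "name": "Alice",
  "created_at": "Mon Jan 01 00:00:00 +0000 2018", "email": "alice@example.test"},
 {"id": 1002, "screen_name": "bob_example", "name": "Bob",
  "created_at": "Sat Mar 03 12:00:00 +0000 2018", "email": "bob@example.test",
  "phone": "+15550001111"},
 {"id": 1003, "screen_name": "carol_example", "name": "Carol",
  "created_at": "Tue Jun 05 08:30:00 +0000 2019"},
 {"id": 1004, "screen_name": "dave_example", "name": "Dave",
  "created_at": "Fri Sep 07 17:45:00 +0000 2020", "phone": "+15550002222"}
]"""


def load_records(text):
    """Parse a dump given either as one JSON array or as newline-delimited JSON."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def field_presence(records, fields=("email", "phone")):
    """Count records that carry each optional field with a non-empty value.

    Presence is the signal here: a record with no "phone" key is not an
    empty phone, it is an account the scrape found no number for.
    """
    counts = Counter()
    for rec in records:
        for f in fields:
            if rec.get(f):
                counts[f] += 1
    return {f: counts[f] for f in fields}


def exposure(records, handles=(), emails=()):
    """Return the records whose screen_name or email matches one of mine.

    Matching is case-insensitive and tolerates a leading "@" on handles.
    """
    handles = {h.lower().lstrip("@") for h in handles}
    emails = {e.lower() for e in emails}
    return [
        rec for rec in records
        if (rec.get("screen_name") or "").lower() in handles
        or (rec.get("email") or "").lower() in emails
    ]
```

The records returned by `exposure` tell you which of your identifiers are in the dump and, by whether a "phone" key is present, whether the SIM-swap concern raised earlier in the thread applies to that account.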