Twitter Got Hacked - Have I Been Pwned Email Received

Just had an email from "have i been pwned" saying that my email has been compromised due to Twitter getting hacked in 2021.

A company as big as Twitter (in 2021 they were on top) can't protect our data? No wonder Elon sacked a lot of people; obviously they were just getting the salary without much work.

Mod: haveibeenpwned.com:

Twitter (200M): In early 2023, over 200M records scraped from Twitter appeared on a popular hacking forum. The data was obtained sometime in 2021 by abusing an API that enabled email addresses to be resolved to Twitter profiles. The subsequent results were then composed into a corpus of data containing email addresses alongside public Twitter profile information including names, usernames and follower counts.

Compromised data: Email addresses, Names, Social media profiles, Usernames

Comments

  • +4

    'Hack' is a stretch. Sounds like the API was public, as was all the compiled data that the users themselves had uploaded.

    It was all just put together in a big spreadsheet.

  • I had an email from Twitter that someone had logged into my Twitter from overseas last night.
    I changed my password this morning but could not see any logins other than my own in the sessions tab.

    "We noticed an attempt to log in to your account that seems suspicious. Was this you?"

    • +3

      If I were dodgy, I would use the email addresses from the leak to send out a phishing email just like this - a fake “account compromised notification”

      • It was Twitter, it came up in my notifications also. But I know what you mean.

    • +2

      Sounds like they attempted to log in but weren't actually able to, so they wouldn't show up in the session tab. Did the email include clicking something to verify it's you?

      I'd be worried about where they got the password from. If it's one you reuse, time to reset every account. If it's unique and in your password manager, time to go do a lot of password resets.

  • +1

    So with Elon at the top, Twitter is now hack proof?

    • +2

      yes

      • +1

        Good luck with that.

        • +1

          dj was too sweet to include /s on his/her post

    • -2

      We don't know. But probably (also just maybe) when Elon came in he actually saw lots of unnecessary roles etc. or people just not working as hard (one of the proofs: now we have this breach that happened in 2021 when it was all good for Twitter, they had more than enough staff, paid good money, etc.)

      • +1

        One thing for sure is (at least I believe) whoever it be at the top, or however big an organisation, hacks are going to happen. No company has such a redundant, mature process to double and triple check every individual's actions in the company. Elon himself has made a lot of mistakes, including buying Twitter at that inflated price.

        Just look at Apple, now the gold standard in security, and see how many vulnerabilities they need to close.

      • Tell me you know nothing about organisational security without telling me you know nothing about organisational security.

      • -2

        Musk is as full of himself as Trump. "Drain the swamp" actually means 'fill the swamp with Trump allies', and "Free speech" means 'anything allowed unless negative about Musk'.

    • -2

      Elon? No, Mr Beast is the head of twitter now.

  • The vulnerability that was exploited is that Twitter (for a time) exposed an API which allowed anyone to map an email address to a Twitter user name. This is the extent of it. Given the state of the internet at the moment, it seems best practice is to use a unique email address for each unique service you sign up to. Of course that is a massive inconvenience, but for critical services I think it's worthwhile.

    • Hmm, makes sense.
      So when I open an account with ANZ bank, for example, we should create a new email, say [email protected], just for this purpose of course.

      • Use [email protected], then any suffix after the plus sign will go to your existing [email protected] address.

        No need to have an entire new Gmail account

        • +3

          Still doesn't make your email "secret".
          Any hacker with that data set is going to easily filter out any of the + or . variations in Gmail addresses (and use the base address if they are smart). It's like a 10s regex to turn it back into the root Gmail address.

          It does allow you to add filters or group/identify that exact email, but it's not going to hide your email identity from any actually decent "hacker" using the data set.

          Makes much more sense when it's your own domain though, as you then don't have an obvious root/base email within the 'known' information.
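To illustrate the point made in this comment (an added example, not the commenter's own code): a small Python normaliser that collapses Gmail plus and dot aliases back to the base mailbox, the same reduction a holder of a dump can apply, which is why such aliases give filtering convenience but no privacy. Addresses on your own domain come back unchanged because there is no recoverable base; the set of dot-insensitive domains and the sample addresses are assumptions constructed for the demo.

```python
import re
from typing import Dict, List, Optional

# Assumption: only Google's mail domains ignore dots in the local part;
# every other provider keeps dots significant and only the "+tag" is dropped.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_address(addr: str) -> Optional[str]:
    """Return the base mailbox an aliased address delivers to, or None if malformed."""
    addr = addr.strip().lower()
    m = re.fullmatch(r"([^@\s]+)@([^@\s]+\.[^@\s]+)", addr)
    if not m:
        return None
    local, domain = m.groups()
    local = local.split("+", 1)[0]          # drop the "+anything" subaddress tag
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")      # Gmail ignores dots in the local part
        domain = "gmail.com"                # googlemail.com is the same mailbox
    return f"{local}@{domain}" if local else None


def group_by_mailbox(addresses: List[str]) -> Dict[str, List[str]]:
    """Map each canonical mailbox to the aliases seen for it in a list of records."""
    groups: Dict[str, List[str]] = {}
    for a in addresses:
        base = canonical_address(a)
        if base is None:                    # skip malformed records
            continue
        groups.setdefault(base, []).append(a)
    return groups


# Constructed sample records for the demo; not real breach data.
SAMPLE = [
    "jane.doe+twitter@gmail.com",
    "JaneDoe+anz@googlemail.com",
    "j.a.n.e.doe@gmail.com",
    "bob+shop@example.org",
    "bob@example.org",
    "twitter@alias.example.net",            # own-domain alias: no base to recover
    "not-an-email",
]

if __name__ == "__main__":
    for base, aliases in group_by_mailbox(SAMPLE).items():
        print(base, "<-", aliases)
```

Three differently tagged Gmail aliases collapse to one mailbox, the example.org pair collapses to one, and the own-domain alias stands alone.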

    • +3

      For most throwaway accounts I use the duckduckgo email system. Generates a fake email account for each service.

      Granted, that will fall apart if they're ever hacked and someone can intercept all my emails, so I wouldn't use it for things like bank accounts.

    • That sounds like too much effort unless you just have the other E-mail addresses redirect the E-mails to your main inbox. My current E-mail provider added 2FA via app which is much better security (before that, I knew that E-mail address had been hacked and I resorted to a huge nonsensical password to keep it secure), but they also broke compatibility with Firefox months ago and still haven't fixed it.

      If you're worried about the spam you might get, you can set up filters with most providers to just dump it in the trash before you even see it.

  • +6

    If, in 2023, you think your email address is private information….well, good luck to you :)

    The rest of the scraped info was public data anyway.

    But well done on somehow linking it to Elon being a saviour, I'm sure he'll definitely high 5 you now.

  • Just had an email from "have i been pwned" saying that my email has been compromised due to Twitter getting hacked in 2021.

    So now your email is shitter

    Than before

  • Signed up on twitter along with other social platforms, and now I'm getting a lot of unwanted emails

    • +3

      this 'breach' was 2 years ago. Why would you think they'd wait until now to use that data?

  • Just put a few random @gmail.com addresses into their website to test it out; NOT to my surprise, most were "pwned" due to Adobe, Cit0day, … LOL

    At the end of the day, it doesn't matter whether pwned or not pwned, it's a created business case, to sell you their product.
