Cybercrime intelligence firm Hudson Rock confirmed on Wednesday that hackers had posted the credentials of more than 200 million Twitter accounts, including email addresses, phone numbers, and account names, onto an online hacking forum. A hacker known as “Ryushi” claimed responsibility for the cache and demanded $200,000 from Twitter in exchange for the data’s deletion.
BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. The data sets were initially created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. Twitter then issued a statement: