200M+ Twitter Users’ Email Addresses and 250M+ Deezer Users’ Information Leaked Online

On a well-known hacker forum, a data leak containing the email addresses of 235 million Twitter users was made public. 

Data from 5.4 million Twitter users collected from numerous threat actors and combined with information from other breaches were made available in November. 

Another Twitter data leak made headlines in December when a threat actor attempted to sell data on 400 million Twitter users. 

As of now, a threat actor made available on Breach Forums for eight credits (worth approximately $2) a data archive containing the information of 235,000,000 users.

According to reports, this data set is identical to the 400 million sets in circulation in November. Still, it has been cleaned up to remove duplicates, bringing the total down to 221,608,279 lines. However, some analyses also supported the existence of duplicates in this most recent data leak. 

According to BleepingComputer, this data leak does not reveal whether an account is verified, unlike previous leaks of data gathered using this Twitter API flaw. 

Although not all of the information has been verified, the email addresses of many of the listed Twitter profiles have. 

Threat actors compiled enormous lists of email addresses and phone numbers that had previously been compromised in data breaches in 2021. 

The scrapers then feed these lists into the API bug to determine whether your phone number or email address is associated with a Twitter ID.

If your email address is only used on Twitter and has not been involved in other data breaches, it will not be fed into the API bug and added to this data set. 

250M+ Deezer Users’ Information Sold and Leaked After Data Breach

Deezer, a known music streaming service, has confirmed a data breach affecting more than 250 million customers. The information from the data breach was sold and eventually leaked publicly on a dark web forum.

On its platform, Deezer issued an advisory to clarify the situation, stating that threat actors obtained the information from a third party that experienced a data breach incident in 2019. The company also stated that they have worked with a different third party since 2020. 

The stolen data are full names, genders, birthdates, email and IP addresses, locations, user IDs, and join dates. According to Deezer, attackers took no passwords or payment information. 

SOCRadar discovered the initial sale posting on a hacker forum from early November, in which the hacker claimed to have a 60GB file containing over 250 million records, 228 million unique email addresses, and logged sessions.

They released a sample of 1 million stolen records in the post before updating it to a sample of 5 million lines. 

Pompompurin, the administrator of the Breached forum, published a public leak post about the database on December 23. They also stated that the database is actually 262.79GB in size when uncompressed.

The majority of the data comes from users in France and Brazil. However, there are also user records from the United Kingdom, the United States, Germany, Mexico, Columbia, Italy, Turkey, and Guatemala.

SOCRadar’s Threat Hunting module has alerted customers about the Deezer leak. Each time there is an alarm that may concern your organization, a brief description is available in the category.

Regularly Monitor the Dark Web for Data Leaks

Data breaches are common on social media sites like Twitter, Facebook, and Instagram because they have millions of users’ information from all over the world, including your clients’. Threat actors frequently exploit the widespread use of any platform for cybercrime, phishing, identity theft, and other fraud or the spread of false information that harms brands’ reputations. 

See our module for Credentials & Data Leak Detection. SOCRadar monitors the entire web for data leaks involving your customers or organization and notifies you in the event of an occurrence. SOCRadar’s Breach Database includes more than 10 billion records from breach markets, leak data sets, and combolists. You can check if any records match your information at SOCRadar Labs.

With the added visibility and control over social media threats provided by SOCRadar’s Brand Protection, you can identify and respond to these threats in real-time.