'Bad Actors Have Won The Jackpot': Twitter Hack Exposes Data From Over 200 Million Accounts The data contains Twitter usernames and email addresses associated with the accounts — and could pose an enormous security risk.

By Gabrielle Bienasz

Opinions expressed by Entrepreneur contributors are their own.

NurPhoto / Contributor I Getty Images
Twitter.

An apparent Twitter hack exposed the personal data from over 200 million Twitter accounts, and that information is easily available on the dark web, according to multiple news reports.

The leak reportedly contains a combination of names, usernames, and email addresses. It was posted on the dark web on Wednesday, by a user with the name "StayMad." You can purchase it for about $2 in cryptocurrency, per Gizmodo.

The leak comes from a vulnerability in Twitter's systems that was likely accessed in 2021. The error has now generated an enormous database of information on users that could have security implications ranging from individual hacks to backlash against anonymous and high-profile accounts on the platform.

"Bad actors have won the jackpot," said Rafi Mendelsohn, vice president of marketing at Cyabra, a company that monitors and mitigates misinformation online, per CNN.

The flaw was first highlighted publicly in July 2022, when some 5 million Twitter users and email accounts were claimed to have been obtained and then posted online. The company promised to investigate. The leak also led to an investigation from Ireland's Data Protection Commission.

But the database could have been created using the same vulnerability earlier than that, likely towards the end of 2021, per The Washington Post. With the gap, a hacker could feed Twitter's API an email address, and the system would reveal if the email or phone number was associated with a Twitter account, said Jamie Boote of software security company Synopsys, per Bloomberg.

This process was then automated, generating an enormous database of information linked to Twitter accounts.

Twitter also said it stopped the problem, but it was too late for this database.

This is an issue for a host of reasons. The hack could be used to get into accounts that are not Twitter, particularly if some of the information is the same or similar, per CNN.

Essentially, it's not just about usernames and emails.

"Previously private data such as emails, handles, and creation date can be leveraged to build smarter and more sophisticated hacking, phishing and disinformation campaigns," Mendelsohn added to the outlet.

In any case, the data set has already been circulated around and sold privately, Alon Gal, of Hudson Rock, a security company based in Israel, told the Post.

Elon Musk purchased Twitter in October and later laid off half of its staff, resulting in concerns over things like hate speech moderation or the viability of Twitter Spaces.

But the company's security issues actually go back much further.

Related: Elon Musk Slams Twitter Employees With Ultimatum: Prepare to Work 'Extremely Hardcore' or Leave by Thursday

Twitter settled with the Federal Trade Commission (FTC) in 2011 over "charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information," the agency wrote at the time.

"Twitter has engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security to: prevent unauthorized access to nonpublic user information and honor the privacy choices exercised by its users in designating certain tweets as nonpublic," the agency said in its complaint.

The FTC required compliance issues from Twitter such as independent audits.

But in a stunning whistleblower document and testimony before Congress in September, Peiter "Mudge" Zatko, who was a security chief at Twitter, said the company had severe security issues — and that it wasn't complying with its agreements with the FTC. This, as CNN noted, is a serious violation.

"Mr. Zatko's allegations are riddled with inconsistencies and inaccuracies," a Twitter spokesperson told CNBC at the time. (Post-acquisition, the company's communication staff were all laid off).

Per CNN, a security expert, Troy Hunt, said he reviewed the data and found over 200 million email addresses. Entrepreneur was not able to independently verify the leaked data. The Post reported that researchers said there were 235 million leaked accounts. It's difficult to nail down the exact number because data leaks like these often have duplicates, per The Verge.

According to the Post, this data could be used to identify anonymous critics of governments who censor or retaliate against critics. (China is one example of such a country.) It could also be used to hack and export high-profile accounts.

To be cautious, however, users can take a few measures to protect themselves, per Bloomberg: Change your password and email address and add two-step verification.

After the July phone number and email leak, Twitter recommended removing identifiable or publicly known email addresses or (phone numbers) from an account that you want to stay anonymous, the outlet noted.

Gabrielle Bienasz is a staff writer at Entrepreneur. She previously worked at Insider and Inc. Magazine. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Starting a Business

"Nothing Is Obvious the First Time": How This Serial Entrepreneur Is Redefining Sports Media with On3

On3 founder and serial entrepreneur Shannon Terry shares his thoughts on the evolving sports media landscape and his insights on building and growing a business from personal experience.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Growing a Business

What Our Digital World Is Missing — and How I Turned It Into $100 Million After Dropping Out of High School

I went from high school dropout to $100 million CEO by sticking to one very important learning principle.

Business News

Walmart Is Laying Off Hundreds, Relocating Others as the Company Closes a U.S. Office

Walmart is giving some employees at least a month to decide if they want to relocate.

Growing a Business

This Charleston Hotspot Found an Inflation Loophole That Helps It Avoid Rising Food Costs – Here's Its Secret

Miller's All Day partners with local farmers to combat rising inflation costs and thrive in Charleston's competitive restaurant scene.