The email addresses and usernames of more than 200 million people have been posted.
According to reports from security researchers and media outlets, the credentials were compiled from a number of previous incidents. The database doesn't include users' passwords, but it is still a security threat.
The co- founder of Hudson Rock said in a post that the leak was one of the most significant he had seen. It will inevitably lead to a lot of hacking.
Estimates of the number of users affected vary because of the tendency for large-scale data dumps to include duplicate records. The database shared by BleepingComputer has a number of text files listing email addresses and linked usernames, as well as users' real names, if they shared them with the site. BleepingComputer said it had confirmed the validity of many of the email addresses listed in the leak and that the database was being sold on a hacking forum for $2.
Troy Hunt, creator of the cybersecurity alert site Have I Been Pwned, analyzed the incident and shared his conclusions on his social media accounts.
Anyone can go to the Have I been Pwned website and enter their email address to see if it is in the database.
According to The Washington Post, the origin of the database may have been traced back to the year 2021. The flaw made it possible for malicious actors to enter email addresses and phone numbers in order to find out if they were associated with a social networking site.
The issue was fixed in January of the year after it was reported as a bug bounty, according to the company. The company claimed at the time it had no evidence to suggest someone had taken advantage of the vulnerability, but experts had already spotted databases ofTwitter credentials for sale. This year's most recent database of more than 200 million accounts seems to be the result of a years-old vulnerability that went undetected by the social media company for seven months.
It is not the first time that the data of its users has been compromised. The company is being investigated by both the FTC and the EU for the same security issues. In August of last year, Peiter "Mudge" Zatko, the former head of security at the company, filed a complaint with the US government, accusing the company of covering up "egregious deficiencies" in its security.