Twitter: check if your email address is among the 200 million leaked
Over 200 million email addresses were copied from Twitter in early 2023. News of the leak broke when the email addressed turned up in a hacking forum.
Active Twitter users and those who signed up for the messaging service in the past, but have not used the service actively for some time, may want to know whether their email address was included in the leak.
The data appears to have been obtained in 2021. The malicious actor abused an API that allowed "email addresses to be resolved to Twitter profiles".
The popular Have I Been Pwned website added the over 200 million email addresses to its database. Any user may check if a particular email address was included in the leak.
To check, simply visit the website linked above and enter the email address that you want to check. The site reveals if the email address was leaked in the Twitter hack or in any of the other password databases that it is aware of.
Note that the Twitter password was not included in the leak. Malicious actors may use the information for a number of activities, including:
- Sending out phishing emails. Since email addresses, user names, names and other account information leaked, these may be used to make the phishing emails look more authentic.
- Brute force attacks to get into certain accounts.
- Other social engineering attacks, e.g., through chats and maybe even regular mail.
Some password managers collect public leak databases to inform their customers and users about leaked passwords. Users of the free local password manager KeePass, for instance, may check their passwords locally against the Have I Been Pwned database. Several online password managers and password managers of web browsers include similar functionality.
Now You: do you use email forwarding services or password leak checkers?Advertisement