Twitter: check if your email address is among the 200 million leaked
Over 200 million email addresses were copied from Twitter in early 2023. News of the leak broke when the email addresses turned up in a hacking forum.
Active Twitter users and those who signed up for the messaging service in the past, but have not used the service actively for some time, may want to know whether their email address was included in the leak.
The data appears to have been obtained in 2021. The malicious actor abused an API that allowed "email addresses to be resolved to Twitter profiles".
The popular Have I Been Pwned website added the over 200 million email addresses to its database. Any user may check if a particular email address was included in the leak.
To check, simply visit the website linked above and enter the email address that you want to check. The site reveals if the email address was leaked in the Twitter hack or in any of the other password databases that it is aware of.
Note that the Twitter password was not included in the leak. Malicious actors may use the information for a number of activities, including:
- Sending out phishing emails. Since email addresses, user names, names and other account information leaked, these may be used to make the phishing emails look more authentic.
- Brute force attacks to get into certain accounts.
- Other social engineering attacks, e.g., through chats and maybe even regular mail.
Some password managers collect public leak databases to inform their customers and users about leaked passwords. Users of the free local password manager KeePass, for instance, may check their passwords locally against the Have I Been Pwned database. Several online password managers and password managers of web browsers include similar functionality.
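As an added illustration (not code from this article, KeePass or Have I Been Pwned), here is a sketch of what an offline check of this kind involves: the password is hashed with SHA-1 and looked up by binary search in a downloaded hash list, so nothing leaves the machine. It assumes a text file of `SHA1:COUNT` lines ordered by hash; the function names, sample passwords and counts are constructed for the example.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the key format assumed for the hash list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def pwned_count(password: str, path: str) -> int:
    """Binary-search a hash-ordered 'SHA1:COUNT' file; 0 means not listed."""
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as fh:
        lo, hi = 0, os.path.getsize(path)  # a matching line starts in [lo, hi)
        while lo < hi:
            mid = (lo + hi) // 2
            fh.seek(max(mid - 1, 0))
            if mid:
                fh.readline()              # move to the first line start >= mid
            pos = fh.tell()
            line = fh.readline()
            if not line or pos >= hi:      # no line starts in [mid, hi)
                hi = mid
                continue
            digest, _, count = line.strip().partition(b":")
            if digest == target:
                return int(count)
            if digest < target:
                lo = pos + len(line)       # continue after this line
            else:
                hi = mid                   # continue before mid
    return 0

def demo() -> dict:
    """Build a small constructed list, then probe listed and unlisted values."""
    sample = {"password": 5, "123456": 9, "qwerty": 3, "letmein": 2}  # constructed
    rows = sorted(f"{sha1_hex(p)}:{n}" for p, n in sample.items())
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pwned-sample.txt")
        with open(path, "w", newline="\n") as fh:
            fh.write("\n".join(rows) + "\n")
        probes = list(sample) + ["not-in-the-constructed-list"]
        return {p: pwned_count(p, path) for p in probes}

if __name__ == "__main__":
    for pw, n in demo().items():
        print(pw, "->", n or "not listed")
```

Binary search matters here because the file never has to be loaded into memory; each lookup touches only a handful of lines.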
Email forwarding services may help in cases like these. Services like Mozilla's Firefox Relay, AnonAddy, SimpleLogin, or DuckDuckGo's email protection service may be used for that.
Now You: do you use email forwarding services or password leak checkers?
So it is time to update to version 9.70 or newest
I have accounts for registering to all kinds of BS that I don’t care if they fall in this list and accounts that I use for stuff like work that I very selectively use for anything.
Sometimes the throwaway e-mail services come in handy although I’ve noticed that some websites refuse throwaway e-mails for whatever reason.
I checked but found no way to tell the site the email wasn’t mine. lol.
I don’t have a Twitter account yet ‘Have I Been Pwned’ delivers results independently of the Website.
Of course, as @Some1 (forgot who!) noted, such situations are those where “disposable/temp email” is so welcome.
– email forwarding services : AnonAddy
– password leak checkers : never. I think it was the first time I checked with ‘Have I Been Pwned’ (the email was one of mine but please don’t repeat it to ‘Have I Been Pwned’).
– general privacy policy :
– Site registration : unique password and unique email (AnonAddy)
– Web services (newsletters, blogs etc.) : unique email (AnonAddy)
– Site registration – business, official business : unique password and true email alias (level4).
– Real life strangers : a dedicated true email alias (level3)
– Real life friends : dedicated true email alias (level2)
– Real life official business : true email (level1)
More confident in official business than in friends? Not really, it’s only that friends may nevertheless be totally unqualified in their email management and if so are more likely to have their data, which includes my email, stolen than administrations and business companies: Is it odd that when money is involved the risk of data theft is lower? Lower than free services in statistical terms but never zero of course. When I see how some good friends handle their privacy on their devices I dare a risky comparison with a night in Red Light zone districts without condoms (one for each, like email, lol). Oops, I’m afraid I’ve been slightly rude. I beg your pardon.
No social sites, no registration, blocked system-wide. So Twitter is just another pawn, avoided.
Nice advice +100
I received an email this morning stating that I had been pwned. I don’t give a damn. I only use Twitter to check status updates when something is offline. There is nothing else noteworthy on Twitter.
This is why it is important to use disposable temp email for crap sites like Twitter.
Twitter is the worst thing that has happened to mental health ever. A friend of mine started to use it four months ago and he was very happy. Currently he is blocking dozens of political opinions, people insulting and threatening him, disgusting and offensive content. In four months a smiling young man has become a suspicious one. He even has fear because he put his real photo in the confirmed account. Elon Musk please do close Twitter! Thanks for the article. :]
I can’t understand why anyone would use Twitter for anything except certain specific useful services (e.g., I have a home on an island and the freight boat provides automated Twitter location updates when the freight boat makes its various stops). I check Twitter using a browser which is set to delete all cookies on exiting, and have never even otherwise browsed the site. Why spend time interacting with obviously disturbed people in such a non-productive and unhealthy way? And why give social media sites personal information in the first place?
@Herman +1
Elon Musk bought it for political purposes.
@pHROZEN gHOST, if you were right then Musk is not as clever as he says.
He is not. He has too many companies to look over. He underpays his workers and makes them work long shifts. He cuts costs in areas that should not be cut. He easily makes enemies and so on.
He either spends all his time on Twitter and saves it at the cost of losing all his other companies. Or he will have to give up. I suspect he loves Twitter too much to even care.
John G Wrote “Elon Musk please do close Twitter!”
I very much doubt that, what about the advertising revenues lost? So not likely to happen, he may have brought in the kitchen sink but I can’t see him pulling the plug.
Although an insider/outsider job to leak 200M+ accounts would mean a Twitter reset with new T&C’s, account protection, (fill in the blanks) etc. and get rid of Elon Musk’s initial gut feeling of insecurity within the Twitter framework before purchase, whilst still getting the advertising revenues.
Planned devious transition period?
@microfix, sincerely I don’t understand why Musk bought Twitter and furthermore I won’t ever understand why Twitter hasn’t better control of violence and disturbed content. We deserve a better social media.
I’m thinking the main use for this will be people doxxing their political opponents, especially ones who expressed a lot of political opinions on twitter under a pseudonym. They’ll try to get them fired from their jobs and make them suffer other kinds of canceling. A lot of people have probably signed up for twitter using their work email addresses.