Submitted 1 day ago by Tea@programming.dev to technology@lemmy.world
https://www.techzine.eu/news/security/130150/massive-x-data-leak-affects-over-200-million-users/
A self-proclaimed data enthusiast calling themselves ‘ThinkingOne’ has made a huge database containing 201 million pieces of user data from X freely available. The data is said to have come from two previous leaks and includes email addresses, locations and profile data of users of the social media platform.
I think they mean 40 million users and 160 million bots.
Seems like a dedicated person might be able to prove that. Go through the available data and see what % of leaked accounts actually point to a real person, or even a unique person. If it’s mostly bots you’d see that pretty quick
Check how many accounts pushing republican propaganda only post during St. Petersburg business hours… 🙃
This is why I gtfo when Elon took over. I knew something like this would happen.
Exactly this. We knew that everything would get shaky after he fired all those people and a data leak is the consequence
Quick everyone do their banking on it!
this leak has proven in the past to be fatally dangerous to anonymous activists fighting tyrant governments all around the world. let’s hope it does not fall into the wrong hands
If you use anything but TOR together with spoofed VPNs for “activism” against a government that would jail/kill you, you are being reckless.
If you use X for your activism, you’re not an activist you’re a fed honeypot.
It’s not realistic to expect your average civic minded person to also have such operational securitt. Instead the bad actors who threaten them should found, exposed, dismantled, persecuted with extreme prejudice
Imagine being stupid enough to use x.com for your activism 🙄
It fell into the wrong hands 3 years ago. If those people failed to recognize the danger they put themselves in by continuing to use the platform they are shit out of luck cause Musk will never take responsibility.
Thoughts and prayers
That’s like, 400 actual non-bot accounts. Nobody is safe anymore!
Massive X data leak affects over 200 million products.
FTFY.
Massive X data leak affects over 200 million bots.
So what is that, like 6 or 7 people?
A sock for every puppet.
It also includes the people that deleted the Twitter accounts following the acquisition. I’m one of those people and I’m especially annoyed because I only used that blasted app only to register to some giveaways when I was in middle school. I have since discontinued that email account, but still.
If it had happened now, that figure might be accurate. However, this was originally exploited in 2022, so it’s probably pretty bad.
He sent his tech bros in to fix the database. Now they’ll use the same skills to fix the SS databases.
Someone should check the email and phone number of Adrian Dittman to see if they match Elon’s. Idiots can argue that it isn’t Elon despite speech pattern evidence, but it’s harder to argue when both of them share the same identifying info.
I thought he fessed up to that
Who is/was Adrian Dittman? Out of the loop of Twitter drama.
i am pretty sure Dittman is a real person techcrunch.com/…/bad-news-for-adrian-dittman-elon…
Yeah, I know there was a story in that Spectator magazine. I’m still not sold. Dittman said way too many stupid things that point to him being Elon.
How many of them are Elmo’s alt-accounts?
Yes
Or this could be publicity stunt “look how many users we have, many users, beutifull users like never before, nobody knew how many users as there”.
I still can’t believe Xerox still has that many users
lmaoooo
In July 2022, Twitter confirmed that someone had exploited the vulnerability before it could be fixed. “After reviewing a sample of the data offered for sale, we confirmed that a malicious party had taken advantage of the problem before it was addressed,” Twitter stated at the time.
lol
lol
Anyone know where these files where originally posted?
I was just about to ask. I know that there was a clearnet site for data breaches but that’s since been taken by the DOJ.
I imagine there’s an onion site but my onion experience is very little to know where to even begin to look. My searches on torch found very little.
I would like to know this too but all I see is many variations of the same joke in this comment section.
Bluesky people why are people still using Twitter? :)
Bluesky will be in the same boat given enough time. Mastodon is the only proper stand-in for twitter.
OK but it’s not even remotely close today.
I’ve been on mastodon for 8 years and it’s ok but it can’t catch the masses. It has been paralyzed from advancing by a vocal minority.
It shouldn’t take 6 years to get search and quote posts. They also need optional algorithmic feeds.
Mastodon is much better and resistant to enshittification. Bluesky is not federated or decentralized.
Fucking heros
mbirth@lemmy.ml 1 day ago
Another example of where it pays off to have separate email addresses/aliases for every website/service you use.
otacon239@lemmy.world 1 day ago
I think it pays even more to not use X
adry@piefed.social 1 day ago
That's re-victimization. People do people stuff, like using social networks. Furthermore, the database probably goes as far as previous being bought and renamed by Musk. So... you're note being fair.
joshchandra@midwest.social 1 day ago
Wait, so you literally have hundreds of accounts? How do you manage them all?
mbirth@lemmy.ml 1 day ago
My email provider allows for unlimited aliases. So, while I have 600+ email addresses, emails to them all end up in the same mailbox.
The accounts for all the websites and services (with their specific email address) are in a KeePass database and they all have random passwords, too.
The only small issue is when you have to contact support of some service. Then, I have to configure the specific email address in my client so they can match that to my account with them. But most email clients allow multiple sender addresses without having to fiddle with the rest of the settings.
CatZoomies@lemmy.world 1 day ago
This is what I do as well. I purchased my own custom domain name and run aliases off it using Addy. So as an example, an email for an online account would look like: ‘random9.words@mycustomemail.com’
Then I feed these accounts into a password manager so I don’t have to remember them.
All the aliases forward mail directly to my main inbox. Companies never see what my real address is. If I get spam, I know which company either sold my data or leaked my data. I can then take action by simply turning off that email alias and then spinning up a new one.
The best thing about owning your custom domain is that you’re in control and never have to change your email addresses. If I want to move to a new email provider, I can easily do that. The process, simplified:
NikoWantToGoBowling@lemm.ee 1 day ago
Password manager plus an emailing alias service. Protonpass integrates with SimpleLogin but there’s also ones like Firefox relay and anomaly (all open source)
suicidaleggroll@lemm.ee 1 day ago
Yes, and Bitwarden+SimpleLogin. Bitwarden to keep track of login info including the alias that is used for that site. SimpleLogin is where the aliasing is actually handled, they have a decent UI for enabling/disabling or generating reverse aliases (for outgoing emails) when needed.
It does take a little more effort to manage it, but it’s worth the payoff. I’ve been using this setup for about 9 months now and I finally got my first spam email a week ago. I looked at the address it was sent to, it was a site I ordered something from about 6 months ago. I sent them a message letting them know that either someone at their company is selling customer info to scammers or their database has been leaked, then I shut off the alias.
ploot@lemmy.blahaj.zone 1 day ago
My email provider will auto-generate aliases with no limit, and I also subscribe to Mozilla Firefox Relay, which allows me to invent email addresses on the fly and have them relay emails to my inbox. The advantage of the Firefox Relay is that it isn’t tied to the email provider so if I switch provider the aliases can still work.
zugzwang@lemmy.dbzer0.com 1 day ago
I use addy.io
Ideonek@lemm.ee 1 day ago
Proton Pass has a feature exactly for that. You can create unlimited number of aliases, and kill ones that bacame compromised.