Tech Like This (https://techlikethis.com), Technology News Daily. Category: security.

What Twitter’s 200 Million-User Email Leak Actually Means
https://techlikethis.com/2023/01/06/what-twitters-200-million-user-email-leak-actually-means/
Fri, 06 Jan 2023 17:26:08 +0000

The revelation that hackers stole data from over 400 million Twitter users at the end of 2022 has been confirmed by researchers. Researchers now believe that a widely circulated list of email addresses linked to more than 200 million users may simply be a refined version of that same data, with the duplicate entries removed. While the social network has yet to comment on the huge exposure, researchers believe the large cache of data clarifies both the gravity of the leak and the potential risk to those most vulnerable.

Between June 2021 and January 2022 there was an API bug that let anyone submit an email address and receive the associated Twitter account, if one existed. Before it was patched, attackers exploited the flaw to “scrape” data from the social network. While the bug exposed no passwords or sensitive information such as DMs, attackers used it to establish the link between Twitter accounts, which are often pseudonymous, and the email addresses and telephone numbers behind them. That link could potentially allow them to identify users.

Multiple actors exploited the vulnerability while it was still live, producing different data collections. One set, containing the email addresses and telephone numbers of approximately 5.4 million Twitter users, circulated in criminal forums. The latest trove appears to contain only email addresses, but its wide dissemination still creates a risk of phishing and identity theft for the users in it.

WIRED asked Twitter for comment but did not receive a reply. The company wrote about the API vulnerability in an August disclosure: “When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.” Seemingly, Twitter’s telemetry was insufficient to detect the malicious scraping.

Twitter isn’t the first platform to allow mass scraping of data through an API flaw, and the scenario is common enough that it often causes confusion over how many distinct data troves actually exist as a result of one exploit. The troves are nevertheless significant because they add validation and connections to the vast amount of stolen data criminals already hold.

“Obviously, there are multiple people who were aware of this API vulnerability and multiple people who scraped it. Different people could have scraped different items. Are there any other troves out there? It kind of doesn’t matter,” says Troy Hunt, founder of the breach-tracking site HaveIBeenPwned. Hunt added the Twitter data to HaveIBeenPwned and says it contained information on more than 200 million accounts; 98% of the emails had already been compromised in previous breaches that HaveIBeenPwned recorded. Hunt says he also sent notification emails to almost 1,064,000 subscribers of his breach-notification service, which has 4.4 million subscribers in total.

“It’s the first time I’ve sent a seven-figure email,” he says. “Almost a quarter of my entire corpus of subscribers is really significant. This was all out there so I doubt this will have a huge impact. It may also de-anonymize individuals. The thing I’m more worried about is those individuals who wanted to maintain their privacy.”



The post What Twitter’s 200 Million-User Email Leak Actually Means first appeared on Tech Like This.

What is a Pig Butchering Fraud?
https://techlikethis.com/2023/01/02/what-is-a-pig-butchering-scam/
Mon, 02 Jan 2023 20:47:10 +0000

Digital swindles like romance scams and business email scams make criminals billions, and they all start with a little bit of “social engineering” to trick a victim into doing something disadvantageous, whether that’s trusting someone they shouldn’t or sending money into the void. Now, a new variation of these schemes, known as “pig butchering,” is on the rise, ensnaring unsuspecting targets to steal all of their money and operating at a massive scale thanks in large part to forced labor.

Pig butchering scams originated in China, where the name is a translation of the phrase shāzhūpán, and describe an approach in which attackers essentially fatten victims up and then take everything they’ve got. These schemes are usually cryptocurrency-based, but they can also involve other kinds of financial trading.

Scammers cold-contact people via SMS or other messaging platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the sender has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. Once a rapport is established, the scammer mentions that they have been investing heavily in cryptocurrency and encourages the target to get involved.

After convincing the target, the fraudster sets them up on a fraudulent app or web platform, which may look trustworthy and can even impersonate a legitimate financial institution. The portal shows victims real-time market data, which is often used to demonstrate the investment’s potential, and once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them, the same tactic used in traditional Ponzi schemes.

Despite the new twists, you can see where the scam is headed: eventually the attackers shut the account down and make off with all the cash the victim deposited, plus any loans they were able to get.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. People who suffer from long-term illness, are elderly, or feel lonely are some of their victims. They want to get every last bit of oink, and they are persistent.” 

While pig butchering scams require considerable communication and relationship building, research shows that Chinese crime syndicates have created playbooks and scripts that let them offload the work at scale onto inexperienced scammers or onto victims of human trafficking forced to carry it out.

The post What is a Pig Butchering Fraud? first appeared on Tech Like This.
