A new report reveals the free release of information stolen from 5.4 million Twitter users and a larger data leak on the social network.
Information on more than 5.4 million Twitter users, including non-public information, has now been released for free through an API vulnerability that was put up for sale a few months ago. Additionally, in a larger data breach, 17 million data records including users’ phone numbers were allegedly extracted from the social network.
In July of this year, a hacker put the information of more than 5.4 million Twitter users up for sale for $30,000. In addition to public data such as Twitter ID and user location, this information also included private data such as phone number and email address. Now the same information has been shared for free in a hacker forum.
The owner of this hacker community, nicknamed Pompompurin, confirmed that this information is the same as the summer season and includes the information of 5,485,635 Twitter users. Among the data in this package, we can mention the email, phone number, Twitter ID, name, geographic location, number of followers, account creation date, and profile picture of people.
Twitter’s data leak continues with this API vulnerability
Additionally, the said vulnerability apparently led to a larger data leak. In this big leak, there are tens of millions of information records of Twitter users, including their phone numbers and IDs. The news of this information leak was published by a security expert named Chad Loder on Twitter, but he lost his access to this social network shortly after.
Later, “Lader” published an example of this information while distorting part of the data on Mastodon’s social network. The website BleepingComputer has managed to confirm the authenticity of the data contained in the data leak, which includes the phone numbers of 1,377,132 users in France.
This website says it has been informed that this information leak includes files by country and geographical codes. The database is rumored to contain more than 17 million data records, but BleepingComputer has not independently verified this claim.
Given that hackers can use these attacks for social engineering and phishing attacks if you’re a Twitter user, it’s best to pay extra attention to incoming anonymous emails and messages.