Twitter data breach exposes millions of email addresses
Users’ email addresses and phone numbers have been leaked following the vulnerability.
Twitter warned of an API vulnerability in August but said there was “no evidence” of a data breach. That’s no longer the case.
A new report from BleepingComputer confirms that user records stolen from that breach are now available for free on a hacking forum.
BleepingComputer explains that the breach occurred in December 2021. Threat actors sold the information in July on a hacking forum for $30,000.
The majority of the data acquired through the vulnerability was public. Things like Twitter IDs, names, login names, and other public information were easily accessible through the API vulnerability.
However, the breach also surfaced private information, such as email addresses and phone numbers. That information was subsequently sold, as it could be used for phishing and other scams.
And now a leaker has dumped all that private information on another hacking forum for free. That’s 5.4 million Twitter profiles whose email addresses and phone numbers are now freely available to hackers.
Another, much larger data breach allegedly resulted from the same vulnerability.
Chad Loder, a security expert, recently posted evidence of a “massive Twitter data breach” on Mastodon. (They originally posted on Twitter, but Twitter banned them shortly after for unknown reasons.)
This breach comes from the same vulnerability, though BleepingComputer confirmed with the original leaker that another threat actor was responsible for this particular dump.
This time, the breach supposedly contains more than 17 million records broken up by country and area codes. That could leave tons more people vulnerable to harm from phishing scams.
Be wary if you get any emails regarding your Twitter account in the future. Be sure not to share any information unless you are absolutely sure the source is reputable. And go ahead and update your passwords.