An old API vulnerability is the root cause of a data leak of 5.4 million Twitter users that surfaced on a hacking forum. According to a security researcher, the leak contains a massive number of Twitter records.
The Twitter data breach included mobile numbers and email addresses.
In July, an anonymous user started selling the personal data of 5.4 million Twitter users for $30,000 USD. Most of the data sold on the hacking forum appears to consist of publicly scraped data, including locations, login credentials, verified status, and more.
The data was scraped through a Twitter API vulnerability in the feature that let users sign in with alternate identifiers, namely phone numbers and email addresses: submitting a phone number or email address revealed the account linked to it.
That linkage was then used to collect all the publicly available information about each user. Twitter confirmed the breach and stated that it happened in January 2022.
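The flaw described above is an account-existence oracle: a lookup that answers "which account does this phone number or email belong to?" to anyone who asks. The following is an added illustration, not code from the article or from Twitter, showing that lookup next to a hardened design whose response is identical for registered and unregistered contacts, plus a simple detection over constructed access logs; all names, identifiers and data are constructed.

```python
# Added example: an account-existence oracle, a hardened replacement, and a
# detection over access logs. All identifiers and data below are constructed.
from collections import defaultdict

# Constructed directory of contact identifier -> public handle.
ACCOUNTS = {"alice@example.com": "@alice", "+15550100": "@bob"}

# Messages the hardened endpoint hands to a mail/SMS sender (constructed).
OUTBOX = []


def lookup_vulnerable(identifier):
    """Sign-in helper that tells the caller which account a phone number or
    email belongs to. Fed a list of contacts, it yields contact -> handle."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"exists": False}
    return {"exists": True, "handle": handle}


def lookup_hardened(identifier):
    """Same feature without the oracle: the response body is identical whether
    or not the contact is registered, and the linkage only travels out of
    band to the contact's owner."""
    if identifier in ACCOUNTS:
        OUTBOX.append((identifier, "sign-in link for " + ACCOUNTS[identifier]))
    return {"status": "If this contact is registered, instructions were sent."}


def detect_enumeration(log_lines, threshold=3):
    """Enumeration looks like one client probing many distinct identifiers.
    Each constructed log line is '<client> <identifier>'; return the clients
    that probed at least `threshold` distinct identifiers."""
    probed = defaultdict(set)
    for line in log_lines:
        client, identifier = line.split()
        probed[client].add(identifier)
    return sorted(c for c, ids in probed.items() if len(ids) >= threshold)


# Constructed access log: one normal user and one client walking a contact list.
SAMPLE_LOG = [
    "user-1 alice@example.com",
    "scraper +15550100",
    "scraper +15550101",
    "scraper +15550102",
    "scraper carol@example.com",
]

if __name__ == "__main__":
    print(lookup_vulnerable("alice@example.com"))  # leaks the handle
    print(lookup_hardened("alice@example.com") == lookup_hardened("x@example.com"))
    print(detect_enumeration(SAMPLE_LOG))  # ['scraper']
```

The uniform response removes the oracle from the API itself; the per-client distinct-identifier count is the signal a platform can alert on when the feature is being walked with a contact list.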
Along with the 5.4 million user records, an additional 1.4 million records belonging to suspended accounts were identified, bringing the leak to 7 million records in total. Instead of selling this data on the dark web, users are now sharing it on hacking forums for free.
Separate from the 7 million records leaked earlier, a new data dump covering tens of millions of Twitter users has been collected using the same API bug, with further scraping carried out by the threat actors.
Chad Loder, a security expert, was the first to tweet about this and disclosed a sample of the breached data on Mastodon.
Twitter needs to handle vulnerabilities better: the same API vulnerability was reused for further data scraping, which is definitely not good security practice from the social media giant.
Considering the massive operational and leadership changes happening within Twitter, this new breach of millions of records will only add to the burden on the company and on its users, since it is the users' data that is at stake.
With this Twitter data breach, hackers can perform spear phishing and targeted attacks that lead to further breaches.
If you are a user reading this, update your credentials, including your password and, if possible, your phone number, and make sure you are not reusing them elsewhere. Given the data dump and Twitter's not-so-serious security posture, nothing is secure and safe.
Recently, Google paid 392 million, followed by Meta paying $276 million, in penalties for exploiting user data without consent. Twitter's data dump theft looks similar to Meta's data scraping case, and it could cost Musk and his newly acquired company a massive penalty if proven true.
As we know, almost all "sophisticated hacker attacks" and "data breaches" are inside jobs. Which one of the small army of purple-haired SJW special snowflakes, "non-binary" kiddie porn enthusiasts, mentally ill troons, and assorted shrill obnoxious weirdos who just got sent packing from Twitter melted down and did this as an act of spite? The list of suspects isn't long. Jail time IS in the offing for a crime like this, right? Right? It shouldn't be difficult to verify who had access to the data, and whose accounts it was moved through. Right?