5.4 million Twitter users' data leaked online, includes phone numbers, emails

The massive data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public, reports Bleeping Computer.

IANSUpdated: Monday, November 28, 2022, 12:46 PM IST
article-image
5.4 million Twitter users' data leaked online on hacker forum, includes phone numbers, emails | Photo: Pixabay

As Elon Musk goes gaga over transforming Twitter, at least 5.4 million Twitter user records have been stolen via an internal bug and leaked online on a hacker forum.

In addition to the 5.4 million records for sale online, there were an additional 1.4 million Twitter profiles collected using a different Twitter application programming interface (API) that have reportedly been shared privately among a few people.

Leaked data include personal details

The massive data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public, reports Bleeping Computer.

Security expert Chad Loder first broke the news on Twitter and was suspended soon from the platform.

"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and the US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," Loder had posted on Twitter.

How was the data stolen?

The data containing non-public information was stolen using a Twitter API vulnerability fix in January this year.

This data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty programme, the report said on Sunday.

Most of the data consisted of public information, such as Twitter IDs, names, login names, locations, and verified status.

It also included private information, such as phone numbers and email addresses.

Musk or Twitter were yet to comment on the report.

Pompompurin, the owner of the Breached hacking forum, told BleepingComputer that "they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as 'Devil' shared the vulnerability with them," the report mentioned.

More to be expected

As hackers released 5.4 million records online, an even larger data dump has allegedly been created using the same vulnerability, according to the report.

"We were told that it consists of over 17 million records but could not independently confirm this," said the report.

(If you have a story in and around Mumbai, you have our ears, be a citizen journalist and send us your story here. )

(To receive our E-paper on WhatsApp daily, please click here.  To receive it on Telegram, please click here. We permit sharing of the paper's PDF on WhatsApp and other social media platforms.)

RECENT STORIES

Budget 2023: Railway budget to focus on incomplete projects, big push for Make in India

Budget 2023: Railway budget to focus on incomplete projects, big push for Make in India

Maruti Suzuki CFO says, semiconductor shortage continues to impact production

Maruti Suzuki CFO says, semiconductor shortage continues to impact production

Budget 2023: Evolution of the budget briefcase from Gladstone box to iPad

Budget 2023: Evolution of the budget briefcase from Gladstone box to iPad

Shark Tank India Season 2: Sharks invest Rs 34.63 crores invested in so far, Namita Thapar continues...

Shark Tank India Season 2: Sharks invest Rs 34.63 crores invested in so far, Namita Thapar continues...

India has third highest number of startups, says Union Minister G Kishan Reddy

India has third highest number of startups, says Union Minister G Kishan Reddy