Around 5.4 million Twitter user records have been stolen via an internal flaw and released publicly on a hacker forum amid the uproar and Elon Musk’s claims to upgrade and revolutionise the platform. In addition to the 5.4 million records for sale online, a further 1.4 million Twitter profiles were obtained via a different Twitter application programming interface (API). These were allegedly circulated discreetly among a small group of individuals.
According to BleepingComputer, the vast amount of data consists of scraped public information as well as private phone numbers and email addresses that are not intended for general use. Security expert Chad Loder, who was promptly suspended from the service, broke the news first on Twitter.
“I recently learned about a significant Twitter data breach that affected millions of US and EU Twitter accounts. I got in touch with a small number of the impacted accounts, and they confirmed that the stolen information is true. This hack did not happen until 2021,” Loder wrote in a post on Twitter.
In January of this year, the data containing sensitive information was obtained via a patch for a Twitter API vulnerability. The report, released on Sunday, claims that this information was collected in December 2021 via a Twitter API flaw that was made public through the HackerOne bug bounty programme.
The majority of the data, including Twitter IDs, names, login names, locations, and verified status, was publicly available. There was also private data like email addresses and phone numbers. Musk and Twitter have not yet commented on the report.
According to the article, Pompompurin, the owner of the Breached hacker site, told BleepingComputer that “they were responsible for exploiting the flaw and producing the big dump of Twitter user details after another threat actor designated as ‘Devil’ shared the vulnerability with them.”
According to the analysis, an even larger data dump than the 5.4 million records put online was made using the same vulnerability. “We were informed that it contained more than 17 million records, but we were unable to independently verify this,” the report said. There was an online data breach involving 5.4 million Twitter users, and things will only get worse.