At least 5.4 million Twitter user records were reportedly stolen. The data was stolen through an internal fault and posted online on a hacker forum.
The frequency of cyber attacks is increasing globally as technology advances. For example, at least 5.4 million Twitter user records were reportedly stolen through an internal fault and posted online on a hacker forum. This occurred only a few days after a significant data loss at the Meta-owned instant messaging service WhatsApp was announced.
In addition to the 5.4 million records for sale online, a further 1.4 million Twitter profiles were gathered using a second Twitter application programming interface (API) and were purportedly exchanged discreetly among a small number of people.
The story was first broken on the platform by security expert Chad Loder, who was quickly suspended from Twitter.
“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and the US. I have contacted a sample of the affected accounts, and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021,” Loder posted on Twitter.
NEW: Twitter accused of covering up data breach that affects millions
Chad Loder, who is the founder of cyber security awareness company Habitu8, was suspended from Twitter after warning users of the alleged data breach.
— Murph (@murphtracks) November 25, 2022
According to a news panel, the vast amount of data includes scraped public data, among other things. The details include private phone numbers and email addresses that are not intended for public use.
Data leak occurred after Musk bought Twitter 2.0
The data leak occurred shortly after Musk unveiled Twitter 2.0, dubbed “The Everything App,” claiming that the number of new users had reached an all-time high and that the firm is currently actively hiring.
Using a patch for a Twitter API vulnerability, the private information was taken in January of this year. According to the report published on Sunday, this data was gathered in December 2021 via a Twitter API vulnerability that was made public through the HackerOne bug bounty program.
The majority of the information was openly available to everyone, including Twitter IDs, names, login names, locations, and verified status. In addition, private information like email addresses and phone numbers was also included.
The social media platform and Musk have yet to respond to the report.
Pompompurin, the Breached hacker forum’s owner, told BleepingComputer that “they were responsible for exploiting the issue and making a large dump of Twitter user details after another threat actor identified as ‘Devil’ shared the vulnerability with them,” according to the article.
The report also claims that the same vulnerability was used for the same purpose to create an even more extensive data dump than the 5.4 million records that hackers posted online.
“We were told that it consists of over 17 million records but could not independently confirm this,” said the report.