28 November 2022

5.4 million Twitter users' stolen data offered for free on hacker forum


5.4 million Twitter users' stolen data offered for free on hacker forum

More than 5.4 million Twitter user records containing data stolen via an API vulnerability fixed in January have been leaked for free on a cybercriminal forum. Furthermore, it appears that there may be another, even larger data damp, containing about 17 million Twitter user’s records obtained via the same vulnerability, according to tech news site BleepingComputer.

In July, reports emerged that the private information of over 5.4 million Twitter users was put up for sale on a hacking forum for a price of $30,000. The database contained both public information like Twitter IDs, names, login names, locations, and verified status, and the private data, such as phone numbers and email addresses.

In addition to the 5.4 million records for sale, there were also an additional 1.4 million Twitter profiles for suspended users collected using a different API, bringing the total to almost 7 million Twitter profiles containing private information, BleepingComputer reports.

Starting September, the same 5.4 million Twitter records were observed being shared for free on a hacking forum.

As for the new, previously unknown data dump, disclosed by a security researcher, it allegedly contains information of tens of millions Twitter users in the US and EU, including personal phone numbers, as well as public information.

Twitter has yet to comment on this alleged breach.

Back to the list

Latest Posts

Russia-linked Nodaria APT adds new Graphiron infostealer to its toolkit

Russia-linked Nodaria APT adds new Graphiron infostealer to its toolkit

The new infostealer was observed in attacks targeting Ukrainian organizations.
8 February 2023
CISA releases tool to recover encrypted VMware ESXi servers

CISA releases tool to recover encrypted VMware ESXi servers

According to CISA’s list of bitcoin addresses, over 2,800 ESXi servers have been encrypted to date.
8 February 2023
Threat actors target Ukrainian government agencies with Remcos spyware

Threat actors target Ukrainian government agencies with Remcos spyware

The attack involves a phishing email ostensibly sent by Ukrtelecom, a major Ukrainian internet service provider.
8 February 2023