Twitter users’ data leaks online

Share post:

Utilizing API security flaws fixed in January, over 5.4 million Twitter user records containing non-public information were stolen through an internal bug and leaked online on a hacker forum.

Last July, malicious actors began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000 on a hacking forum.

The leaked data includes public information as well as private phone numbers and email addresses that are not intended to be public, as well as Twitter IDs, names, login names, locations, and verified status.

The information was gathered in December 2021 by exploiting a Twitter API vulnerability disclosed in the HackerOne bug bounty program, which permitted individuals to provide phone numbers and email addresses to the API in a bid to get the associated Twitter ID. Threat actors could then scrounge public information about the account using this ID to build user record comprising both personal and public information.

The owner of the Breached hacking forum, Pompompurin, explained that “they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as ‘Devil’ shared the vulnerability with them.”

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Shopify Faces A Class Action In California

A U.S. appeals court has reinstated a proposed data privacy class action against Canadian e-commerce company Shopify, allowing...

Is Lyft Recording It’s Passenger Conversations?

A recent incident in Toronto has raised significant privacy concerns after a Lyft passenger discovered that her private...

Meta Starts Federal Antitrust Trial That Could Lead To A Breakup of the Company

The Federal Trade Commission's (FTC) antitrust trial against Meta Platforms Inc. commenced on April 14, 2025, in Washington,...

Trump Grants 75-Day Extension for TikTok Amid Trade Tensions

President Donald Trump has signed an executive order extending the deadline for TikTok's parent company, ByteDance, to divest...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways