Twitter users’ data leaks online

Share post:

Utilizing API security flaws fixed in January, over 5.4 million Twitter user records containing non-public information were stolen through an internal bug and leaked online on a hacker forum.

Last July, malicious actors began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000 on a hacking forum.

The leaked data includes public information as well as private phone numbers and email addresses that are not intended to be public, as well as Twitter IDs, names, login names, locations, and verified status.

The information was gathered in December 2021 by exploiting a Twitter API vulnerability disclosed in the HackerOne bug bounty program, which permitted individuals to provide phone numbers and email addresses to the API in a bid to get the associated Twitter ID. Threat actors could then scrounge public information about the account using this ID to build user record comprising both personal and public information.

The owner of the Breached hacking forum, Pompompurin, explained that “they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as ‘Devil’ shared the vulnerability with them.”

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Canadian police need a search warrant to get your IP address: Supreme Court

An IP address is the key to unlocking a user's internet identity the court's majority

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways