Twitter data leak exposes over 5.4 million accounts

Earlier this 12 months, Twitter confirmed that the non-public person knowledge for five.4 million customers was stolen as a result of an API vulnerability, however the firm mentioned it had “no proof” that it was exploited. Now, all of these accounts have been uncovered on a hacker type, BleepingComputer has reported. On prime of that, a further 1.4 million Twitter profiles for suspended customers was reportedly shared privately, and a fair bigger knowledge dump with the info of “tens of thousands and thousands” of different customers could have come from the identical vulnerability.

The proprietor of hacking discussion board known as Breached advised BleepingComputer that it was answerable for exploiting the weak spot (initially obtained from one other hacker known as “Satan”) and dumping the person information. It mentioned that it additionally obtained 1.4 million Twitter profiles for suspended accounts, obtained through one other API, however solely shared these privately amongst a couple of people.

On prime of all that, safety professional Chad Loder has revealed that tens of thousands and thousands extra Twitter information could have been collected utilizing the identical API. As soon as once more, knowledge collected could embody non-public telephone numbers together with public info. Loder posted a redacted pattern on Mastodon, as he was banned on Twitter a number of days in the past for unknown causes. It might comprise over 17 million information, BleepingComputer was advised.

The breaches leaked customers’ non-public telephone numbers and e mail addresses, which might be used for phishing and different scams. That info is also exploited to uncover identities from non-public Twitter accounts. As regular, be very cautious of any suspicious emails or texts claiming to come back from Twitter — and should you’re fascinated about utilizing two-factor authentication, now can be a superb time.