Twitter in July this year acknowledged that a susceptibility in its code led to a data exposure but had then said that it does not have evidence to ascertain if the data is exploited. But now, according to a report from BleepingComputer, over 5.4 million Twitter user records have been shared for free on a hacker forum.
Moreover, supplementary 1.4 million Twitter profiles for suspended users were reportedly distributed privately, and an even larger data dump may have come from the same susceptibility.
The report states that the data comprises scraped public information, private phone numbers and email addresses that are not meant to be public. “In September, and now more recently, on November 24th, the 5.4 million Twitter records have now been shared for free on a hacking forum.”
Pompompurin, the owner of the Breached hacking forum, confirmed to BleepingComputer that this is the same data that was sold in August, and consists of 5,485,635 Twitter user records. “These records contain either a private email address or phone number, and public scraped data, including the account’s Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, favourites count, statuses count, and profile image URLs.”
Moreover, a prominent security expert Chad Loder warned of more serious data breach in a Twitter post. However, his account now stands suspended.
“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021,” Loder had tweeted.
(Except for the headline, this story has not been edited by GOVT.in staff and is published from a syndicated feed.)
