Stolen Twitter Data Leaked Online, Even Bigger Breach Revealed

A data breach that impacted Twitter back in the summer has come back to haunt Elon Musk’s platform, after stolen data was published online.

It was in July this year when Twitter was compromised by a vulnerability that had existed since late 2021.

The hacker, who went by the username “devil”, began touting the Twitter database of 5.4 million users on the hacker forum Breached Forums in the summer for $30,000.

User data

Breached Forums was the same hacker forum that gained international attention in July 2022 after a data breach exposed over 1 billion Chinese residents.

The Twitter vulnerability allowed “devil” to acquire Twitter IDs, names, login names, locations, and verified status. It also included private information, such as phone numbers and email addresses, even if the user had hidden these fields in the privacy settings.

The bug was reportedly specific to Twitter’s Android client and occurred with Twitter’s API.

The vulnerability had already been patched by Twitter in January 2022.

Fast forward nearly five months, and BleepingComputer reported Monday that the 5.4 million user records containing passwords, phone numbers, emails and more have been shared free-of-charge on a hacker forum.

Pompompurin, the owner of the Breached hacking forum, told BleepingComputer last weekend that they were responsible for exploiting the bug and creating the massive dump of Twitter user records after ‘Devil’ had shared the vulnerability with them.

In addition to the 5.4 million records for sale, there were also 1.4 million Twitter profiles for suspended users collected using a different API, bringing the total to almost 7 million Twitter profiles containing private information, BleepingComputer reported.

Pompompurin reportedly said that this second data dump was not sold and was only shared privately among a few people.

Second breach

Beyond the fact that hackers released the 5.4 million records for free, worse news has followed: BleepingComputer reported that an even larger data dump was allegedly created using the same vulnerability.

According to BleepingComputer, news of this more significant data breach came from security expert Chad Loder, who first broke the news on Twitter and was suspended soon after posting it.

Loder subsequently posted a redacted sample of this larger data breach on Mastodon, the social network that many Twitter users are switching to following Elon Musk’s takeover of the platform.

“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021,” Loder shared on Twitter.

BleepingComputer obtained a sample file of this previously unknown Twitter data dump, which contains 1,377,132 phone numbers for users in France.

BleepingComputer said it has since confirmed with numerous users in this leak that the phone numbers are valid, verifying this additional data breach is real.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long-standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
