A threat actor with the alias “devil” is selling the data of 5.4 million Twitter users on the dark web for $30,000. The data includes public profile data, email addresses, and phone numbers. The data is available on the site Breach Forums. The owner of the forum has verified the authenticity of the leak.
Although the data didn’t contain passwords, email addresses, and phone numbers can still be used for phishing or identity theft. The seller of the data claims that the database includes some sensitive information on “Celebrities, Companies, randoms, OGs, etc.”
The user selling the data also posted a sample, so anyone can verify the data before buying it. People at RestorePrivacy also downloaded the sample and shared a snapshot of the sample data.
The data was accessed by exploiting a vulnerability discovered in January 2022. Twitter later patched the vulnerability and also awarded$5,040 to the security researcher who reported the vulnerability to the company.