Records of over 5.4 million Twitter users have been shared for free on a hacker forum. The leaked data include non-public information stolen using an API vulnerability. Although the vulnerability was fixed in January, hackers managed to access the data of millions of users.
This data was collected back in December 2021 using a Twitter API vulnerability. The vulnerability allowed anyone to submit phone numbers and email addresses and get back the associated Twitter ID. That ID could then be used to fetch records including private and public information.
This data dump has appeared multiple times on different hacking forums. Now a threat actor has created a new listing with 5,485,635 Twitter user records on a forum. On the same forum, I can see multiple listings of the same data dump created by different users. Here’s a screenshot of the latest listing.
Although multiple listings are selling the same data dump with 5.4 million records, people on the forum are talking about the larger 500GB data dump containing more records. A threat actor created a larger data dump using the same vulnerability.
The recent listing includes phone numbers that have been verified by a few individuals. These phone numbers are real. Security expert Chad Loder also posted on Mastodon about the breach. He contacted a few people affected by this breach and found that the data leaked in this dump is accurate.
This leaked data can be used to perform phishing attacks against the affected users. Hackers can send fake emails about account suspension, verification status, or more to get you to sign in to a phishing page. So, you need to take a little extra care in the coming days.