5.4 million Twitter users' stolen data leaked online — more shared privately
Millions of Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum.
Forum post selling the scraped Twitter dataSource: BleepingComputerThis data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID. Pompompurin, the owner of the Breached hacking forum, told BleepingComputer this weekend that they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as 'Devil' shared the vulnerability with them. This data dump potentially contains tens of millions of Twitter records consisting of personal phone numbers collected using the same API bug, and public information, including verified status, account names, Twitter ID, bio, and screen name.
Source read time: 4 min - bleepingcomputer.com
Also offered in: Nederlands