The site’s API once had a readily exploited weakness, which led to the Twitter data breach and allowed hackers to steal 5.4 million user credentials. According to reports and remarks from users in hacker forums, millions of additional pieces of user data are now floating around the internet.
According to BleepingComputer, the 5.4 million user records comprising passwords, phone numbers, emails, and other information may have been the tip of the iceberg for a far wider data leak. The data was first obtained from Twitter by exploiting a weakness in the platform’s application programming interface (API), but it is now freely available online.
According to HackerOne, hackers discovered a way for anyone to obtain a user’s Twitter ID by submitting that user’s phone number or email to the system, even if the user had turned off that option in their account.
Twitter disclosed the initial API attack, which compromised millions of user IDs. At the time, the site stated that it was alerting users who it could confirm had been affected by the data theft. However, there appear to be “multiple threat actors, operating independently” stealing data from the United Kingdom, some EU countries, and parts of the United States, mostly beginning in late 2021. That second Twitter data breach set could contain up to 1.4 million more profiles.
A newer Twitter data breach
It is unclear how many of those accounts include fresh information. In the same forum discussion, LeakCheck, a cybersecurity password checker, noticed that only about 12% of the emails identified in the more than 500GB of data were new, meaning they hadn’t been found in earlier dumps.
So there could be up to 7 million users or former users whose account information is floating around the internet.
According to the dark forum’s owner, the 1.4 million documents were not meant to be made public, but they appear to have been leaked nevertheless. According to BleepingComputer, the data might contain around 17 million user records, far more than initially disclosed. However, the complete figure has yet to be legally determined.
The data was originally put up for sale at $30 million by hackers on the dark hacker forum, but according to this most recent report, it is now available for free online. BleepingComputer says it accessed 1.37 million of the leaked records for users in France. It has since been confirmed that at least some of the numbers listed in the leak were correct.
Though Twitter has more than 200 million active daily users, a breach of 17 million would be one of the larger user data breaches, though by no means the largest. A prior hacker stole 100 million instances of customer information from CapitalOne, and the criminal was sentenced to five years’ probation. LinkedIn has dealt with scraped user profiles totaling 500 million. Uber, the ride-hailing company, has had two major data breaches, one in 2016 and the most recent just a few months ago.
It’s quite remarkable how the data, sold for $30 million, was made free after Musk got a hold of the company. Some hypocritical people really didn’t like their social engineering and zoomer psyche-programming tool to be used by everyone equally. They are probably afraid that the use of the results of the Solomon Asch conformism experiments is running out when you can’t silence the voices opposing your agendas.
About Twitter
Twitter is a microblogging social networking service owned by American company Twitter, Inc., on which users post and interact with messages known as “tweets”. Registered users can post, like, and retweet tweets, while unregistered users only have the ability to read public tweets. Users interact with Twitter through browser or mobile frontend software or programmatically via its APIs. Before April 2020, services were accessible via SMS. Tweets were originally restricted to 140 characters, but the limit was doubled to 280 for non-CJK languages in November 2017. Audio and video tweets remain limited to 140 seconds for most accounts.