
Hacked Twitter data includes phone numbers, personal emails for celebrities, prominent politicians

Private information such as email addresses and phone numbers is present in the leak.

 

Mikael Thalen


Posted on Nov 29, 2022   Updated on Nov 30, 2022, 9:03 am CST

More than 5.4 million user records from Twitter have been published online, exposing everything from private phone numbers to email addresses.


The data, which was released for free on a popular hacking forum this month, was pilfered last December after hackers exploited an API vulnerability on the social media platform.


Although Twitter says the issue was patched in January after it was reported to the HackerOne bug bounty program, numerous threat actors were able to take advantage before the vulnerability was fixed.

The leak, as first reported by BleepingComputer, contains not only private phone numbers and email addresses but public scrapes of “Twitter IDs, names, login names, locations, and verified status.”

Before the information was released for free, a hacker had attempted to sell it on the same hacking forum for $30,000 in July.

The Daily Dot was able to confirm the presence of both private emails and phone numbers in the data breach, including those of high-profile celebrities and politicians.


Aside from the 5.4 million user records, private data on more than 1.4 million suspended Twitter accounts has also been shared privately online. The additional data, according to BleepingComputer, has not been made public.

It also appears that the 5.4 million user records had been briefly offered online for free in September as well.

While the data leak is undoubtedly concerning, an even larger dataset obtained due to the API vulnerability was also discovered this month. Independent researcher Chad Loder noted on Twitter the significance of the separate breach before being suspended from the platform.

“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US,” Loder wrote. “I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021.”


BleepingComputer also confirmed that the data in the breach referenced by Loder was not the same as the data in the 5.4 million user records. Although unconfirmed, the latest dataset is believed to contain over 17 million records in total.

This post has been updated.

*First Published: Nov 29, 2022, 1:00 pm CST