Per Bleeping Computer, nearly seven million Twitter accounts have been impacted by a data breach.
The data breach dates back to last July, when, according to Bleeping Computer, a “threat actor” began selling private information connected to more than five million Twitter accounts for approximately $30,000. According to the report, the seller’s package included phone numbers, email addresses and other private information.
It is believed that the “threat actor” was able to collect private information by using HackerOne’s “Bug Bounty” program to exploit Twitter’s security. From there, a potential “threat actor” could pull together public and non-public information to create a record of various Twitter users. Bleeping Computer reached out to Twitter, and the social media platform confirmed that it had suffered a data breach, but it was only fixed in January 2022. Initial reports indicate that approximately 5.4 million active accounts and 1.4 million suspended accounts may have been impacted by this data breach.
Despite Twitter’s efforts to secure the data of its users, multiple reports indicate that the private information of more than five million accounts was shared online for free in November 2022. Unfortunately, it appears that this recent distribution of data was the tip of the iceberg.
“While it is concerning that threat actors released the 5.4 million records for free, an even larger data dump was allegedly created using the same vulnerability,” Lawrence Abrams of Bleeping Computer wrote.
“This data dump potentially contains tens of millions of Twitter records consisting of personal phone numbers collected using the same API bug, and public information, including verified status, account names, Twitter ID, bio, and screen name.”