Sponsored Links

Twitter data leak exposes over 5.4 million accounts

The dump includes private phone numbers and email addresses.
A view of the Twitter logo at its corporate headquarters in San Francisco, California, U.S. November 18, 2022.
REUTERS/Carlos Barria
Steve Dent
Steve Dent|@stevetdent|November 28, 2022 4:50 AM

Earlier this year, Twitter confirmed that the private user data for 5.4 million users was stolen due to an API vulnerability, but the company said it had "no evidence" that it was exploited. Now, all of those accounts have been exposed on a hacker form, BleepingComputer has reported. On top of that, an additional 1.4 million Twitter profiles for suspended users was reportedly shared privately, and an even larger data dump with the data of "tens of millions" of other users may have come from the same vulnerability.

The owner of hacking forum called Breached told BleepingComputer that it was responsible for exploiting the weakness (originally obtained from another hacker called "Devil") and dumping the user records. It said that it also obtained 1.4 million Twitter profiles for suspended accounts, obtained via another API, but only shared those privately among a few individuals.

On top of all that, security expert Chad Loder has revealed that tens of millions more Twitter records may have been collected using the same API. Once again, data collected may include private phone numbers along with public information. Loder posted a redacted sample on Mastodon, as he was banned on Twitter several days ago for unknown reasons. It could contain over 17 million records, BleepingComputer was told.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

The breaches leaked users' private phone numbers and email addresses, which could be used for phishing and other scams. That information could also be exploited to uncover identities from private Twitter accounts. As usual, be very wary of any suspicious emails or texts claiming to come from Twitter — and if you're thinking about using two-factor authentication, now would be a good time.  

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Twitter data leak exposes over 5.4 million accounts