More than 5.4 million Twitter user records, including personal phone numbers and email addresses, are available on the dark web in a massive data dump that some believe the company is covering up.
The data dump was identified by Chad Loder, the founder of cybersecurity awareness company Habitu8, who shared the news in a post on his Twitter account on November 23, and his account was suspended shortly after the post.
The problem with this data being available is that it is information to trigger phishing attacks to obtain login credentials.
The removal of the tweets and Loder’s suspension has raised concerns that Twitter is trying to hide the issue, with some Twitter users saying that Elon Musk is “banned.” [him] for exposing how weak Twitter’s security is.
The user data was first posted on a hacking forum in July with a price tag of $30,000, but a recent sale is offering the information for free, according to computer beep.
The data dump was shared last week on the dark web. A hacker posted on a forum that has 5.4 million Twitter user records and offers them for free
The data dump was identified by Chad Loder, the founder of cybersecurity awareness company Habitu8, who shared the news in a post on his Twitter account on November 23.
Loder’s account was suspended a day after he shared the news of the data dump. It is still suspended to this day.
The hackers are believed to have obtained the information in ‘December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses to the API to recover the associated Twitter ID’, according to Bleeping Computer.
Twitter confirmed in August that bad actors exploited the vulnerability, but fixed the flaw in January 2022.
At this time, Twitter reported that it had “no evidence” that the flaw had been exploited.
Daily Mail has contacted Twitter for comment.
The removal of the tweets and Loder’s suspension has raised concerns that Twitter is trying to hide the issue, with some Twitter users saying that Elon Musk is “banned.” [him] for exposing how weak Twitter’s security is
The data dump included millions of phone numbers. Loder shared a snapshot of phone numbers collected from users in France.
The initial data dump was revealed in July (pictured) and was offered for $30,000
Bleeping Computer reports that Pompompurin, the owner of the hacking forum Breached, is responsible for exploiting the flaw in December and created the extensive database that was later posted online by a hacker known as ‘Devil’.
This hacker listed 5,485,636 user account records on the dark web in July and two parties are believed to have purchased the information for less than $30,000.
And in addition to the 5.4 million registrations, there were an additional 1.4 million Twitter profiles for suspended users collected using a different API.
Pompompurin told BleepingComputer that they are not involved with the latest data dump.
This suggests that various individuals, or hacking groups, took advantage of the flaw last December.
Loder’s suspension has sparked outrage on Twitter, with users believing this suggests Elon Musk doesn’t care about free speech.
Users are sure that Loder’s account was suspended because he broke the news of the data dump
Regardless, the data leak on the dark web contains enough information for hackers to unleash phishing attacks.
In September, and now more recently, on November 24, Twitter’s 5.4 million records have already been shared for free on a hacking forum.
Bleeping Computer is now warning users to tire of emails from Twitter as they are likely to be fake and designed to steal login credentials.
‘If you get an email saying your account has been suspended, there are login issues, or you’re about to lose your verified status, and it asks you to log in to a non-Twitter domain, please ignore the emails and delete them as is. likely phishing attempts’, says Bleeping Computer.
Loder sounded the alarm about the latest data dump in a tweet: “Just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and US.” I contacted a sample of the affected accounts and they confirmed that the breached data is accurate.
“This breach did not occur before 2021.”
However, Loder is also known as an “anti-fascist blogger” who helped identify a “proud member who attacked police officers on January 6,” according to a Reddit post shared on Friday.
Robert Mackey, a reporter for The Intercept, shared on his Twitter account on November 24 that the reason Loder’s account was suspended is “probably to suppress reporting on right-wing extremists.”