Private Twitter data pertaining to 5 million users was reshared in a hacker forum last Thursday after first being leaked in July.
Whereas July’s leak came with a price tag of $30,000, Thursday’s dump was provided for free.
User Private Info Revealed
Pompompurin, the owner of the hacking forum HackerOne, confirmed to BleepingComputer over the weekend that his site was responsible for the initial data dump.
Back in December, a Twitter API bug was discovered as part of the forum’s bug bounty program, which let people retrieve specific Twitter IDs by submitting an associated phone number or email address. This allowed threat actors to build user records on millions of accounts using both public and private information.
Enough data was collected by July for a threat actor to start selling the private info of 5.4 million users for $30,000 in an online forum. This data included phone numbers and email addresses, alongside public information like names, Twitter IDs, locations, login names, and verified status.
In addition, a second data breach affecting 1.4 million suspended users took place, taking the total of affected profiles up to almost 7 million.
The data batch affecting 5.4 million users was freely reshared on a hacking forum on November 24th. According to Pompompurin, this is indeed the same data that was for sale for thousands of dollars in July and August.
“These records contain either a private email address or phone number, and public scraped data, including the account’s Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, favorites count, statuses count, and profile image URLs,” wrote BleepingComputer.
Another Larger Breach?
While the API bug used to discover the data had been fixed by January 2022, the same exploit has reportedly been used to carry out an even larger data breach.
Security expert Chad Loder claimed as much over Twitter last Wednesday, saying he’d received “evidence” of a breach affecting millions of American and European users. “The dataset includes verified accounts, celebrities, prominent politicians, and government agencies,” he added.
Chad Loder’s account was suspended shortly after publishing his claims.
Multiple crypto firms including Celsius and OpenSea were struck with an email data breach in July due to a disgruntled employee at Customer.io, which handled customer communications for both firms.
The post Leaked Twitter Data for 5 Million Users Reshared Online for Free appeared first on CryptoPotato.