Threat actor publicly shares stolen data of 5.4 million Twitter users

Alina BÎZGĂ

November 28, 2022

Last week, a data broker using the handle “Pompompurin” uploaded a database containing the stolen information of 5.4 million Twitter users to a hacking forum.

The records, now publicly available to download, are the same ones put up for sale in late July 2022 for $30,000 US, after malicious actors exploited a now-disclosed Twitter API vulnerability from 2021.

According to the author, the database available for download only contains the information for active Twitter users – including email addresses or phone numbers alongside public-facing information of accounts such as usernames, bio, location and profile photo.

Source: BleepingComputer

BleepingComputer researchers who spoke to hacking forum owner Pompompurin over the weekend said he and his associates were not the only ones exploiting the Twitter vulnerability to steal records.

Moreover, the database shared doesn’t contain the info belonging to an additional 1.4 million Twitter profiles that were suspended, and this data “was only shared privately among a few people.”

Data breach allegedly more significant than believed – 17 million users may be at risk

An independent security researcher announced a more significant breach affecting users in Europe and the US on Nov. 23.

While Loder’s Twitter account was suspended shortly after this post, the researcher posted additional updates on his Twitter page earlier today.

“This Twitter data breach has not been reported before,” Loder said. “Any Twitter account with "Let others find you by your phone" enabled in Discoverability settings is affected. All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers.”

BleepingComputer also confirmed the new data dump contains over 1.3 million phone numbers belonging to users in France.

“We have since confirmed with numerous users in this leak that the phone numbers are valid, verifying this additional data breach is real,” BleepingComputer said.

“Furthermore, none of these phone numbers are present in the original data sold in August, illustrating how much larger Twitter's data breach was than previously disclosed and the large amount of user data circulating among threat actors. Pompompurin also confirmed with BleepingComputer that they were not responsible and did not know who created this newly discovered data dump, indicating that other people were using this API vulnerability.”

The online publication said the new data dump allegedly contains over 17 million records of users in Europe, Israel and the US, and one of Loder’s recent tweets puts this into perspective.

“From what I have confirmed, the breached Twitter data covers, at a minimum, the full phone number spaces for multiple country codes in the EU, and some area code in the US,” the tweet said. “The dataset includes verified accounts, celebrities, prominent politicians, and government agencies.”

If confirmed, this new data puts additional millions of Twitter users at risk of falling victim to cybercriminals and fraud.

All Twitter users should remain vigilant against phishing messages (text and email) claiming that their accounts are subject to suspicious activity or are about to be suspended.

If you want to stay on top of data breaches and leaks affecting your social media profiles, grab a Bitdefender Digital Identity Protection tool today.

The privacy-focused service lets you easily monitor and manage your digital identity to defend against privacy and security risks with:

  • 24/7 data breach monitoring on the public and dark web
  • A 360-degree mapping of all your personal data found online
  • Easy way to sniff out social media impersonators
  • Concise and 1-click action items that allow you to act fast and limit the damages of data breaches
