5.4 million Twitter accounts stolen, more to come
2022-11-29 19:38 by Daniela
Tags: Twitter, API, hackers
Earlier this year, Twitter confirmed that the private user data for 5.4 million users was stolen due to an API vulnerability, but the company said it had "no evidence" that it was exploited.
Now, all of those accounts have been exposed on a hacker forum, BleepingComputer has reported. On top of that, an additional 1.4 million Twitter profiles for suspended users were reportedly shared privately, and an even larger data dump with the data of "tens of millions" of other users may have come from the same vulnerability.
BleepingComputer has an example of a leaked user record, and if it's accurate there may not be too much to worry about. The only piece of sensitive information visible is the email address the user has linked to the account. Beyond that, information like the user's screen name, follower count, bio, and verification status is all publicly available anyway. You can determine all of those just by viewing someone's profile. The leak is also said to include private phone numbers, which is a bit more serious than email addresses and what is essentially publicly available profile information.
The Twitter breach comes amid a wave of API attacks, with Salt Security reporting that 95% of organizations experienced security problems in production APIs over the past 12 months, and 20% suffered a data breach as a result of security gaps in APIs.