Nov 28 – Through a vulnerability exploited in an API (application programming interface) attack, data belonging to over 5.4 million people made its way into hackers’ hands, eventually appearing on the internet. The private phone numbers and email addresses of celebrities and private companies may have been exposed, along with those belonging to private citizens.
Worse yet, an even larger data leak pertaining to “tens of millions” of other users may have stemmed from the same vulnerability, although media reports appear unconfirmed.
The initial breach may have occurred in 2021, and it affects users across the world, from the EU to the US to Israel.
Last July, the 5.4 million users’ information appeared on a hacking forum, and was listed for the price of $30,000 USD. More recently, the information was shared for free on a hacker forum, according to Bleeping Computer.
On Twitter, shortly after breaking the news about the breach, security expert Chad Loder observed that his account had been suspended. Loder then posted a redacted sample of the breach on another site.
“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and the US. I have contacted a sample of the affected accounts and they confirmed that the breach data is accurate,” wrote Loder.
Twitter breach implications
The breached phone numbers and email addresses could be used for phishing purposes and other scams. Hypothetically, they could also be used to piece together identities of private Twitter account owners.
In the wake of this leak, remain wary of suspicious emails or text messages that appear to come from Twitter. Should you receive an email claiming that your account was suspended, that you will lose your ‘verified’ status, or that you should log in to a non-Twitter domain, assume that the email is spam.
If you’re considering the implementation of two-factor authentication across your accounts, now would be a good time for that.