What the Massive Twitter Data Leak Reveals About Platform Security
A massive Twitter data breach exposing over 5.4 million accounts—plus a larger, undisclosed dump—highlights a six‑month‑old API vulnerability, the delayed fix, and the heightened phishing risk for millions of users worldwide.
After Elon Musk announced the dismissal of Twitter's entire security team, the platform faced another major incident: more than 5.4 million user records were posted on the dark web and shared for free, and a potentially larger database containing tens of millions of records was also reported.
The exposed data includes public information such as Twitter ID, name, screen name, verification status, location, URL, description, follower count, account creation date, friend count, favorite count, tweet count, and profile image URL, as well as private details like email addresses and phone numbers, raising serious phishing concerns for millions of users.
Data leak fixed after six months
On August 5, 2022, Twitter confirmed the 5.4 million‑account breach in a privacy‑center statement, acknowledging that a vulnerability introduced in a June 2021 update allowed anyone to submit an email address or phone number and receive the associated account information.
The flaw was reported to HackerOne on January 1, 2022 by user "zhirinovsky," who received a $5,040 bounty. The vulnerability posed a severe threat to private or anonymous accounts, enabling the creation of large databases or detailed user profiling through big‑data analysis.
Twitter investigated and patched the issue six months after it was introduced, though no evidence showed the bug had been exploited before the fix.
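The flaw described above is an account-existence oracle: an unauthenticated "find account by email or phone" lookup that answers differently for registered and unregistered contacts, which is all a caller needs to link identities to accounts at scale. The following is an added illustration, not Twitter's code, of that leaky pattern beside a hardened version that requires authentication, honours a per-account discoverability opt-in (a hypothetical setting here), returns an identical response for "not registered" and "registered but opted out", budgets distinct lookups per caller, and exposes a detection view of callers that query far more contacts than an address-book sync would. All accounts, names and thresholds are constructed.

```python
"""Added illustration (not Twitter's own code): an unauthenticated contact
lookup as an enumeration oracle, beside a hardened version. All accounts,
names and thresholds below are constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    twitter_id: int
    screen_name: str
    email: str
    phone: str
    discoverable: bool  # hypothetical opt-in: "let people who have my email/phone find me"


# Constructed sample directory: one anonymous account, one public account.
ACCOUNTS = [
    Account(1001, "alice_anon", "alice@example.com", "+15550000001", False),
    Account(1002, "bob_public", "bob@example.com", "+15550000002", True),
]
BY_CONTACT = {c: a for a in ACCOUNTS for c in (a.email, a.phone)}


def vulnerable_lookup(contact: str) -> dict:
    """Leaky pattern: any caller can submit a contact and learn whether it is
    registered and which account owns it, regardless of the owner's settings."""
    acct = BY_CONTACT.get(contact)
    if acct is None:
        return {"match": None}
    return {"match": {"id": acct.twitter_id, "screen_name": acct.screen_name}}


class HardenedLookup:
    """Hardened pattern: the caller must be authenticated, each caller has a
    budget of distinct contacts, and 'not registered' and 'registered but not
    discoverable' produce byte-for-byte identical responses, so the endpoint
    no longer confirms whether an email or phone number is in use."""

    def __init__(self, budget: int = 50):
        self.budget = budget
        self.seen = defaultdict(set)  # caller -> distinct contacts queried

    def lookup(self, caller: Optional[str], contact: str) -> dict:
        if caller is None:
            return {"error": "authentication required"}
        self.seen[caller].add(contact)
        if len(self.seen[caller]) > self.budget:
            return {"error": "rate limited"}
        acct = BY_CONTACT.get(contact)
        # Same response for unknown contacts and for owners who opted out.
        if acct is None or not acct.discoverable:
            return {"match": None}
        return {"match": {"id": acct.twitter_id, "screen_name": acct.screen_name}}

    def bulk_harvesters(self, threshold: int) -> list:
        """Detection view: callers whose distinct-contact count exceeds what a
        legitimate address-book sync would plausibly need."""
        return sorted(c for c, s in self.seen.items() if len(s) > threshold)


if __name__ == "__main__":
    print(vulnerable_lookup("alice@example.com"))   # reveals the anonymous owner
    h = HardenedLookup(budget=3)
    print(h.lookup("caller1", "alice@example.com"))  # {'match': None}
    print(h.lookup("caller1", "nobody@example.com")) # {'match': None}, indistinguishable
```

The budget here counts distinct contacts rather than raw requests, because a harvester that replays the same lookup is harmless while one that sweeps fresh identifiers is the case to stop; in production the same counter feeds the detection view so that abuse is visible in logs even when the oracle has already been closed.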
In July 2021, media outlet RestorePrivacy reported a new user selling a Twitter database for $30,000, claiming it contained data from millions of accounts worldwide, including emails, phone numbers, and public profile information.
Data leak far more than imagined
Security researcher Loder later shared samples of an even larger dump, suggesting the breach may involve up to 20 million records, with verified phone numbers and other personal data confirming the leak's authenticity.
Expert Pompompurin noted that the source of this new dump is unknown, but it indicates ongoing exploitation of the API vulnerability. The dump is organized by country codes, covering regions such as the EU, Israel, and the United States.
Users are urged to remain vigilant, scrutinize any emails claiming to be from Twitter, and avoid potential phishing attacks.
Source: https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
