Over 5.4 million Twitter users have reportedly been targeted in a major breach of personal data following revelations earlier this year that the site had a serious security flaw.
According to AppleInsider, a hack of 5.4 million users is small compared to the 478 million T-Mobile customers affected in August 2021. It is even small compared to the 70 million users of AT&T affected later that same month.
Still, the hacked data now on sale comes from a vulnerability that was reported in January 2022, according to RecoverPrivacy. The microblogging site acknowledged that this was a legitimate security issue and even offered a $5,040 reward to the discoverer, “Zhirinovsky”.
“Exactly as the HackerOne user zhirinovskiy described in the initial report in January, a threat actor is now selling the data allegedly acquired from this vulnerability,” said Sven Taylor of Restore Privacy.
“The post is still live now with the Twitter database allegedly consisting of 5.4 million users being for sale.”
According to Restore Privacy, the hacked data now on sale comes from a vulnerability that was reported in January 2022.
Taylor mentioned that they reached out to the seller of this database to gather additional information. “The seller is asking for at least $30,000 for the database, which is now available due to ‘Twitter’s incompetence,’ according to the seller.”
The seller has posted about the data on the site Breach Forums. According to RecoverPrivacy, the owner of the forum confirmed the leak.
A sample of the available data is included in the non-compliance forum posts. It appears to display publicly available Twitter profile information, including the phone number and/or email address used to log in.