More than 5.4 million Twitter user records, including personal phone numbers and email addresses, are up for grabs on the dark web in a massive data dump that some believe the firm is covering up.
The data dump was identified by Chad Loder, the founder of cyber security awareness company Habitu8, who shared the news in a post to his Twitter account on November 23 – and his account was suspended shortly after posting.
The problem with this data being available is that it gives attackers exactly what they need to launch phishing attacks aimed at stealing login credentials.
Removing Loder’s tweets and suspension has sparked concerns that Twitter is trying to hide the issue, with some Twitter users saying Elon Musk ‘banned [him] for exposing how weak Twitter security is.’
The user data was first posted on a hacking forum in July with a $30,000 price tag, but a recent sale offers the information for free, according to Bleeping Computer.
The data dump was shared last week on the dark web. A hacker posted in a forum that they have 5.4 million Twitter user records and are offering them for free
Loder’s account was suspended a day after sharing the news of the data dump. It is still suspended to this day
It is believed that hackers obtained the information in ‘December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID,’ according to Bleeping Computer.
Twitter confirmed in August that bad actors had taken advantage of the vulnerability, which it had patched in January 2022.
At the time of the patch, Twitter reported it had ‘no evidence’ that the flaw had been exploited.
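The lookup flaw described above, as an added illustration (not Twitter's code; the accounts and contact values are constructed): the vulnerable shape of a contact-to-ID endpoint beside a hardened version that only resolves opted-in accounts for authenticated callers and answers identically for registered and unregistered contacts, plus a monitor that flags the bulk-lookup pattern a scrape of such an endpoint produces.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Account:
    user_id: int
    email: str
    phone: str
    discoverable: bool  # user opted in to being found by email/phone

# Constructed sample data, not real accounts.
ACCOUNTS = [
    Account(1001, "alice@example.com", "+33600000001", False),
    Account(1002, "bob@example.com", "+33600000002", True),
]

def lookup_vulnerable(contact: str) -> dict:
    """Enumeration oracle: any caller learns whether the phone/email is
    registered and which account ID it maps to."""
    for acct in ACCOUNTS:
        if contact in (acct.email, acct.phone):
            return {"found": True, "user_id": acct.user_id}
    return {"found": False}

def lookup_hardened(contact: str, caller_authenticated: bool) -> dict:
    """Hardened: unauthenticated callers get nothing, authenticated callers
    only resolve accounts that opted in, and the response shape is the same
    whether or not the contact is registered."""
    if not caller_authenticated:
        return {"matches": []}
    matches = [a.user_id for a in ACCOUNTS
               if a.discoverable and contact in (a.email, a.phone)]
    return {"matches": matches}

class EnumerationMonitor:
    """Flags a caller that submits many distinct contacts within a window,
    the access pattern a bulk scrape of this endpoint produces."""
    def __init__(self, window_s: float, threshold: int):
        self.window_s, self.threshold = window_s, threshold
        self.events = defaultdict(deque)  # caller -> (timestamp, contact)

    def record(self, caller: str, contact: str, now: float) -> bool:
        q = self.events[caller]
        q.append((now, contact))
        while q and now - q[0][0] > self.window_s:  # drop expired entries
            q.popleft()
        return len({c for _, c in q}) >= self.threshold
```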
Daily Mail has contacted Twitter for comment.
The data dump included millions of phone numbers. Loder shared a snapshot of phone numbers collected from users in France
The initial data dump was revealed in July (pictured) and was being offered for $30,000
Bleeping Computer reports that Pompompurin, the owner of the Breached hacking forum, is responsible for exploiting the flaw in December and created the extensive database that was then posted online by a hacker known as ‘Devil.’
This hacker listed 5,485,636 user account records on the dark web in July, and it is believed two parties purchased the information for less than the $30,000 price tag.
And on top of the 5.4 million records, there were an additional 1.4 million Twitter profiles for suspended users collected using a different API.
Pompompurin told BleepingComputer that they are not involved with the latest data dump.
This suggests multiple people, or hacking groups, took advantage of the flaw last December.
Loder’s suspension has sparked outrage on Twitter, with users believing this suggests Elon Musk does not care about free speech
Users are sure Loder’s account was suspended because he broke news of the data dump
Regardless, the data leak on the dark web contains enough information for hackers to unleash phishing attacks
In September, and again more recently on November 24, the 5.4 million Twitter records were shared for free on a hacking forum.
Bleeping Computer is now warning users to be wary of emails purporting to come from Twitter, as they could well be fake and designed to steal login credentials.
‘If you receive an email claiming your account was suspended, there are login issues, or you are about to lose your verified status, and it prompts you to log in on a non-Twitter domain, ignore the emails and delete them as they are likely phishing attempts,’ Bleeping Computer states.
Loder sounded the alarm about the latest data dump in a tweet: ‘I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate.
‘This breach occurred no earlier than 2021.’
However, Loder is also known as an ‘antifascist blogger’ who helped identify a ‘proud boy member who attacked policemen on January 6,’ according to a Reddit post shared on Friday.
Robert Mackey, a reporter for The Intercept, shared on his Twitter account on November 24 that the reason Loder’s account was suspended is ‘likely to suppress reporting on right-wing extremists.’