At least 5.4 million Twitter user records have reportedly been stolen via an internal bug, in what is being described as a ‘Massive Twitter Data Breach.’ Chad Loder, the founder of cyber security awareness company Habitu8, identified the leak and posted about it on his account, only to have the account suspended within a few hours.
Massive Twitter Data Breach: Risk of Phishing Attacks
Chad mentioned that the exposed data is enough to unleash phishing attacks and obtain login credentials. He said that the attack had chiefly impacted users from the European Union and the United States. The data was first dumped on the dark web with a $30,000 price tag in July, but the recent offering makes this information available for free.
According to the cybersecurity site BleepingComputer, the hackers obtained the information in December 2021 using a Twitter API vulnerability disclosed through the HackerOne bug bounty program. The vulnerability allowed people to submit phone numbers and email addresses to the API and retrieve the associated Twitter ID. According to the firm, the hacker listed 5,485,636 user account records on the dark web in July. Two interested parties reportedly purchased the information for less than $30,000.
Twitter is Reportedly Covering the Flaw
As soon as Chad posted an update related to the Twitter breach, his account was immediately suspended, leading people to believe that the team behind Twitter is trying to hide the apparent facts to cover its mistakes. A Twitter user wrote, “Musk banned [Loder] for exposing how weak Twitter security is.” Another user posted a completely different point of view, saying, “Chad Loder didn’t only aid riots and violence, he’s actively holding onto and releasing hacked Twitter data on his Mastodon account. Musk must ensure he never returns.”