In one of the worst data breaches, Twitter suffered a massive data leak that exposed the data of a whopping 5.4 million Twitter users via an API vulnerability. The stolen non-public records of Twitter users have been posted for free on a hacker forum, the Bleeping Computer has reported. The same vulnerability has been exploited by several bad actors, the report has added.
Originally reported by HackerOne back in January, the Twitter security bug would allow anybody to enter a phone number or email address, and then find the associated Twitter ID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle, the HackerOne report suggested.
A large part of the leaked data comprised of public information, such as the user IDs of Twitter users, names, login names, locations and verified status, it also included private information, such as phone numbers as well as email addresses. This data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID, the Bleeping Computer report added.
Meanwhile, Twitter is going through a major transition after tech billionaire Elon Musk acquired it. New Twitter boss Musk has recently claimed that new user signups are at an “all-time high,” as he dealt with a large migration of advertisers and users moving to alternative platforms due to concerns about verification and hate speech. As of November 16, signups were averaging over two million per day, up 66 per cent from the same week in 2021, Musk stated in a tweet.
Twitter also faced a minor dip in service, Musk tweeted on November 28. Musk said that the issue was caused due to an “old” third-party tool that was used to block accounts that had no rate limit (which refers to limiting network traffic). The CEO confirmed that the issue has been fixed.