5.4 million users' data exposed online as Elon Musk reveals Twitter 2.0
As Elon Musk goes gaga over Twitter 2.0 which will be the 'Everything App', at least 5.4 million Twitter user records, stolen via an internal bug, have been leaked online on a hacker forum.
By IANS | Updated:
Agencies
As Elon Musk goes gaga over Twitter 2.0 which will be the 'Everything App', at least 5.4 million Twitter user records, stolen via an internal bug, have been leaked online on a hacker forum.
In addition to the 5.4 million records for sale online, there were an additional 1.4 million Twitter profiles collected using a different Twitter application programming interface (API) that have reportedly been shared privately among a few people.
The massive data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public, reports Bleeping Computer.
The data expose came at a time as Musk revealed his Twitter 2.0 -- The Everything App, saying that the new user signups are at an all-time high and the company is now actively recruiting.
Security expert Chad Loder first broke the news on Twitter and was suspended soon from the platform.
"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and the US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," Loder had posted on Twitter.
The data containing non-public information was stolen using a Twitter API vulnerability fix in January this year.
This data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty programme, the report said on Sunday.
Most of the data consisted of public information, such as Twitter IDs, names, login names, locations, and verified status.
It also included private information, such as phone numbers and email addresses.
Musk or Twitter were yet to comment on the report.
Pompompurin, the owner of the Breached hacking forum, told BleepingComputer that "they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as 'Devil' shared the vulnerability with them," the report mentioned.
As hackers released 5.4 million records online, an even larger data dump has allegedly been created using the same vulnerability, according to the report.
"We were told that it consists of over 17 million records but could not independently confirm this," said the report.
In addition to the 5.4 million records for sale online, there were an additional 1.4 million Twitter profiles collected using a different Twitter application programming interface (API) that have reportedly been shared privately among a few people.
The massive data consists of scraped public information as well as private phone numbers and email addresses that are not meant to be public, reports Bleeping Computer.
The data expose came at a time as Musk revealed his Twitter 2.0 -- The Everything App, saying that the new user signups are at an all-time high and the company is now actively recruiting.
Security expert Chad Loder first broke the news on Twitter and was suspended soon from the platform.
"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and the US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," Loder had posted on Twitter.
ADVERTISEMENT
The data containing non-public information was stolen using a Twitter API vulnerability fix in January this year.
This data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty programme, the report said on Sunday.
Most of the data consisted of public information, such as Twitter IDs, names, login names, locations, and verified status.
It also included private information, such as phone numbers and email addresses.
ADVERTISEMENT
Musk or Twitter were yet to comment on the report.
Pompompurin, the owner of the Breached hacking forum, told BleepingComputer that "they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as 'Devil' shared the vulnerability with them," the report mentioned.
ADVERTISEMENT
As hackers released 5.4 million records online, an even larger data dump has allegedly been created using the same vulnerability, according to the report.
"We were told that it consists of over 17 million records but could not independently confirm this," said the report.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
US stocks: SpaceX to make historic listing on Nasdaq on Friday that could make Elon Musk a trillionaire2026-06-11T19:46:00Z- US stocks: Musk's SpaceX prices record $75 billion IPO at $135 a share2026-06-11T19:31:21Z
- SpaceX IPO date, price, valuation, stock symbol, how to buy shares: What US investors need to know about Elon Musk's historic listing2026-06-11T14:29:24Z
ADVERTISEMENT
