More than 5.4 million Twitter users’ records including personal phone numbers and email addresses have been reportedly hacked and made available on the dark web as part of a massive data dump.
The data dump was identified by the founder of cyber security awareness company Habitu8, Chad Loder, who shared the news in a post on his Twitter handle on November 23 and had his account suspended shortly after posting the information.
Loder stated that the attack affected Twitter users in the European Union and the United States, he also confirmed that the report of the breached data is correct and occurred no earlier than 2021.
The removal of his tweet and suspension of his account has fueled speculation about his statement being true and that Twitter is attempting to hide the data breach.
Earlier this year, Twitter confirmed that the private user data for 5.4 million users was stolen due to an API vulnerability, but the company said it had “no evidence” that it was exploited.
Yahoo news reported that all of those accounts have now been exposed on a hacker form. On top of that, an additional 1.4 million Twitter profiles for suspended users was reportedly shared privately, and an even larger data dump with the data of “tens of millions” of other users may have come from the same vulnerability.
The owner of hacking forum called Breached told BleepingComputer that it was responsible for exploiting the weakness (originally obtained from another hacker called “Devil”) and dumping the user records.
It said that it also obtained 1.4 million Twitter profiles for suspended accounts, obtained via another API, but only shared those privately among a few individuals.