11:19
18:32
10:20
16:54
20:25
11:17
11:19
18:32
10:20
16:54
20:25
11:17
11:19
18:32
10:20
16:54
20:25
11:17
11:19
18:32
10:20
16:54
20:25
11:17
Hackers have stolen data from 1.4 million Twitter accounts and posted it on hacker forums. The stolen information contains user data, including passwords, phone numbers.
Previously, the data of 5.4 million users had been stolen thanks to an API vulnerability that was disclosed in the HackerOne bug and vulnerability bounty programme, BleepingComputer reported.
The vulnerability allowed phone numbers and email addresses to be sent to the API to obtain associated Twitter IDs, which in turn allowed hackers to steal personal data. The vulnerability allowed anyone to obtain a Twitter user ID by entering a phone number or email address into the system, even if the user had disabled this option in their account.
Last week, hackers also accessed data on 1.4 million profiles of blocked Twitter users.
The data was published on the BreachForums forum, where the original 5.4 million data points were shared for free. It turns out that 7 million users or former users are affected by the hack.
BleepingComputer said it had contacted a user nicknamed Pompompurin, the owner of the Breached website, who claims to have been the original hacker who hacked Twitter late last year. He said that 1.4 million entries should not have been published, but it seems that the leak happened anyway.
The hacker originally demanded $30,000 on the Breached hacking forum for the personal data of 5.4 million Twitter users stolen in December 2021 but the latest post said the data was posted online for free.