Millions of Twitter users’ stolen data available for free to hackers
Hackers can have your phone number or email address for free
One data dump, as per Bleeping Computers, consists of records of 5,485,635 users, including public data such as Twitter ID, name, profile image verified status, location, etcetera. But it also includes the phone number and email address of the users. Earlier, this data dump was priced at $30,000, but now it is available for free at a hacker forum.
Twitter data of 1.4 million users shared privately between hackers
Meanwhile, the second dump, unknown to everyone until now, consists of 1,377,132 phone numbers of users from France. This data dump is different from the data stolen in the July hack, and these phone numbers are circulating among a few bad actors, as per the cybersecurity forum. However, this data is not up for sale but is circulating among a few bad actors.
Chad Loder, a security expert, was the first one to break the news, but he was soon barred from the microblogging platform. Loder said that he contacted a sample of affected accounts, concluding that the data was accurate and this breach occurred in 2021.
Both hacks were the result of the same zero-day API bug that has now been fixed earlier this year in January.
What should you do
Even though the exploit has been fixed, however, this data is now available for free to hackers, putting users at risk of phishing. So, it is advised to ignore the emails asking you to restore your Twitter account, as they would likely be an attempt to gain access to your login credentials.
Twitter or its new owner Elon Musk has yet to acknowledge the second breach.