Private details of 5.4 million Twitter users up for sale in massive data breach

This data anomaly was confirmed by a Los Angeles-based cyber security expert and founder of Habitu8, Chad Loder who warned of a data breach at Twitter that has allegedly affected “millions” in the US and EU in particular.

Loder had on November 23, 2022, sent out the warning on his Twitter page to users in a series of tweets claiming he had also spoken to potential victims of the breach, who had confirmed it.

There was, however, a suspicion that Twitter had gone ahead to cover up the leak as Loder's account was immediately suspended just after he sent out the alert.

The data leak first came into the limelight at the end of July when a threat actor obtained millions of accounts by exploiting a now-fixed vulnerability (according to Twitter) in the popular social media platform.

The threat actor later went ahead to offer the leaked data (exact figure of affected accounts - 5,485,636) for sale at a $30,000 price tag on the popular hacking forum, Breached Forums.

While giving further insight into the attack, Loder confirmed that any Twitter account that enabled the “let others find you by phone number” feature in its “discoverability” settings will automatically be affected. He also added that “all accounts for the entire country code of France” with their full mobile numbers have been captured in the data breach.

It is believed this information (The hack) was obtained by hackers in December 2021 using a Twitter API vulnerability.

After eight months, Twitter confirmed in August 2022, that hackers had taken advantage of the vulnerability to cause chaos but also claimed that the flaw was patched in January 2022.

According to Dailymail, there is confirmation that the compromised 5.4 million Twitter records have now been shared for free on a hacking forum as recent as November 2022.

Bleeping Computer has also alerted users to be extra conscious about replying to emails from 'Twitter’ as they could likely be fake and created to steal login credentials.

'If you receive an email claiming your account was suspended, there are login issues, or you are about to lose your verified status, and it prompts you to login on to a non-Twitter domain, ignore the emails and delete them as they are likely phishing attempts,' Bleeping Computer states.

Loder's intel has, however, cast aspersions on Twitter's earlier announcement that it had managed the breach. According to Cyber Security Hub, Loder had maintained that the current attack is different from the first reported breach unless Twitter “lied” about the July breach.

According to Loder, the data from this breach is in a “completely different format” and has “different affected accounts”. Loder believes this particular breach has been caused by malicious actors who had taken advantage of the same vulnerability that caused the first breach that was reported in July.

Twitter's decision to remove Loder's tweets and subsequent suspension has raised concerns that Twitter is trying to cover up the data breach.