Security News > 2022 > November > 5.4 million Twitter users' stolen data leaked online — more shared privately
Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum.
Last July, a threat actor began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000.
In addition to the 5.4 million records for sale, there were also an additional 1.4 million Twitter profiles for suspended users collected using a different API, bringing the total to almost 7 million Twitter profiles containing private information.
"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," Loder shared on Twitter.
BleepingComputer has obtained a sample file of this previously unknown Twitter data dump, which contains 1,377,132 phone numbers for users in France.
None of these phone numbers are present in the original data sold in August, illustrating how much larger Twitter's data breach was than previously disclosed and the large amount of user data circulating among threat actors.