Security News > 2022 > December > Twitter confirms recent user data leak is from 2021 breach
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022.
Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022.
"As soon as we became aware of the news, Twitter's Incident Response Team compared the data in the new report to data reported by the media on 21 July 2022. The comparison determined that the exposed data was the same in both cases." - Twitter.
In January 2022, Twitter received a report through its bug bounty program that an API vulnerability allows an attacker to feed email addresses or phone numbers and get an associated Twitter ID for a registered account.
Around the same time, a researcher also shared samples of an additional set of Twitter profiles scraped using the vulnerability that was not included in the original 5.4 million user breach.
While BleepingComputer has not been able to confirm the extent of this additional data set, we were able to examine a sample of a data set containing 1.4 million previously undisclosed French Twitter account records.
News URL
Related news
- Shopping platform PandaBuy data leak impacts 1.3 million users (source)
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Hacker claims Giant Tiger data breach, leaks 2.8M records online (source)
- Chipmaker Nexperia confirms breach after ransomware gang leaks data (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)