Security News > 2022 > December > Twitter data of “+400 million unique users” up for sale – what to do?
I'm selling data of +400 million unique Twitter users that was scraped via a vulnerability, this data is completely private.
Although the crooks behind this data sell-off wrote that the information "Includes emails and phone numbers", it seems likely that's the only truly private data in the dump, given that it seems to have been acquired back in 2021, using a vulnerability that Twitter says it fixed back in January 2022.
As you can imagine, a vulnerability that lets criminals look up the known phone numbers of specific individuals for nefarious purposes, such as harassment or stalking, is likely also to allow attackers to look up unknown phone numbers, perhaps simply by generating extensive but likely lists based on number ranges known to be in use, whether those numbers have ever actually been issued or not.
We regularly see huge lists of data "Stolen from X" up for sale on the dark web, even when service X hasn't had a recent breach or vulnerability, because that data had been stolen earlier on from somewhere else.
Simply put, Twitter does have plenty of explaining to do, and Twitter users everywhere are likely to be asking, "What does this mean, and what should I do?".
The message screenshot that we saw didn't even mention deleting the data if Twitter were to pay up.