The private information of 5.4 million Twitter users obtained in a 2021 data breach is now accessible for free on a hacking forum, according to reports.
Security researchers fear that threat actors may have also orchestrated an even bigger breach, affecting more than three times the number of users, facilitated by the same vulnerability.
In an era in which multiple data breaches occur on a weekly basis, equipping yourself with relevant, mitigative technology like password managers is of paramount importance.
Twitter Data Available for Free
The data of 5.4 million Twitter users, which already appeared online this year and was advertised on hacking forums alongside a hefty price tag, now appears available for anyone to view and download, without a fee.
Information stolen in the breach, which is now freely available, includes private email addresses or phone numbers coupled with related public data like users’ screen names, verified statuses, locations, URLs, follower counts, and profile image URLs, among other account data.
However, according to BleepingComputer, a similar but bigger breach has allegedly been carried out using the same vulnerability, affecting 17 million users – although this still needs to be properly verified.
Twitter’s Data Breach: Timeline
As previously stated, the data discussed above is not from a new breach – it was originally stolen back in 2021. Here’s a quick timeline of events:
- December 2021: Private information belonging to Twitter users is collected via a vulnerability that allowed threat actors to submit information like phone numbers to the API and recover Twitter account data.
- January 2022: Twitter admits that its systems had been vulnerable since a July 2021 update, which introduced the bug and allowed data to be lifted from its systems.
- July 2022: A threat actor advertises Twitter’s stolen data on a forum, with a $30,000 price tag. Reports suggest two parties purchased it for less than this figure.
- November 2022: The same data is now available online for free on hacking forums.
Most recently, it has become clear that more than one threat actor leveraged the same vulnerability to extract data from Twitter’s systems.
Find Out If You’ve Been Affected
Unfortunately, it’s pretty likely that at least one company you trust to handle and store your personal information will suffer a data breach at some point. But there are plenty of things you can do to improve your security and minimize the potential impact.
Using a password manager to maintain strong, unique passwords across multiple sites is one way to ensure that the credentials and personal information you used to create an account on one organization’s website won’t help a threat actor get into other accounts you’ve made.
If you’re worried you’ve been affected by this Twitter data breach – or any other data breach – you can use sites like haveibeenpwned.com to check whether your email address or phone number appears in known breach data.
Also, you should ensure you’re keeping your eyes peeled for emails asking you to provide any kind of Twitter account information – even if they purport to be from Twitter – as this could be someone using leaked data to target you with a phishing campaign.
Lastly, if you want to find out about potential breaches of your data more quickly in the future, then you can download privacy and security software like Surfshark One — a speedy VPN that comes with data leak and breach alerts. It’s better to find out early so you can check any affected accounts fast, and be on an even higher alert for related phishing attempts, to avoid further problems.