The data dump was identified by the founder of cyber security awareness company Habitu8, Chad Loder, who shared the news in a post to his Twitter account on November 23 – and his account was suspended shortly after posting.
Loder announced the attack impacted users in the European Union and the United States and the data exposed was enough to unleash phishing attacks to obtain login credentials, Daily Mail reported on Monday.
The removal of Loder’s tweets and his suspension have sparked concerns that Twitter is trying to hide the issue, with some Twitter users saying Musk “banned [Loder] for exposing how weak Twitter security is.”
It was gathered that user data was first posted on a hacking forum with a $30,000 price tag in July, but the recent sale offered this information for free, according to Bleeping Computer.
It is believed that hackers obtained the information in “December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID,” according to Bleeping Computer.
Twitter confirmed in August that bad actors took advantage of the vulnerability but patched the flaw in January 2022.
At the time, Twitter reported it had “no evidence” that the flaw had been exploited.
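The flaw described above is an account-enumeration weakness: a lookup endpoint that answers differently depending on whether a submitted email or phone number belongs to an account. The following is an added example, not Twitter's code, with a constructed user store and a hypothetical client name; it puts a vulnerable lookup beside a hardened one that returns the same response for known and unknown identifiers, and adds a sliding-window rate limit so that bulk lookups from one client are refused and can be logged.

```python
"""Account-enumeration risk in an identifier lookup endpoint (added example)."""
import time
from collections import defaultdict, deque
from typing import Callable, Dict, Optional

# Constructed sample data: identifier -> account id (not real accounts)
USERS: Dict[str, int] = {
    "alice@example.test": 1001,
    "+15550000001": 1001,
    "bob@example.test": 1002,
}


def normalize(identifier: str) -> str:
    """Canonicalise the submitted identifier before lookup."""
    return identifier.strip().lower()


def vulnerable_lookup(identifier: str) -> dict:
    """The flawed pattern: the response shape reveals whether the
    identifier exists and hands back the account id, so anyone can map
    submitted emails/phones to accounts."""
    uid = USERS.get(normalize(identifier))
    if uid is None:
        return {"status": "unknown"}
    return {"status": "found", "account_id": uid}


class RateLimiter:
    """Sliding-window limit on lookups per client; high-volume lookups trip it."""

    def __init__(self, max_calls: int, window_s: float) -> None:
        self.max_calls = max_calls
        self.window_s = window_s
        self.calls = defaultdict(deque)

    def allow(self, client: str, now: float) -> bool:
        q = self.calls[client]
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.max_calls:
            return False
        q.append(now)
        return True


def hardened_lookup(identifier: str, client: str, limiter: RateLimiter,
                    now: Optional[float] = None) -> dict:
    """Same-shaped response whether or not the identifier is known.
    Any follow-up (e.g. notifying the identifier's owner) happens
    out of band; the caller learns nothing about account existence."""
    now = time.time() if now is None else now
    if not limiter.allow(client, now):
        # A real service would log this event for detection purposes.
        return {"status": "rate_limited"}
    uid = USERS.get(normalize(identifier))
    _ = uid  # used only server-side; never echoed to the caller
    return {"status": "accepted"}


def leaks_existence(handler: Callable[[str], dict]) -> bool:
    """Detection check: does the handler respond differently for a known
    and an unknown identifier?"""
    known = handler("alice@example.test")
    unknown = handler("nobody@example.test")
    return known != unknown


if __name__ == "__main__":
    print("vulnerable leaks existence:", leaks_existence(vulnerable_lookup))
    limiter = RateLimiter(max_calls=3, window_s=60)
    print("hardened leaks existence:",
          leaks_existence(lambda i: hardened_lookup(i, "client-a", limiter, now=0)))
```

Running `leaks_existence` against each handler is the kind of check a review of such an endpoint should include; the rate limiter is the second layer, since even an indistinguishable response should not be queryable millions of times from one client.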
Daily Mail notes it has contacted Twitter and Loder for comment.
Bleeping Computer reports that Pompompurin, the owner of the Breached hacking forum, is responsible for exploiting the flaw in December and creating the extensive database that was then posted online by a hacker known as ‘Devil.’
Devil listed 5,485,636 user account records on the dark web in July, and it is believed two parties purchased the information for less than the $30,000 price tag.
And on top of the 5.4 million records, there were an additional 1.4 million Twitter profiles for suspended users collected using a different API.
Pompompurin told Bleeping Computer that they were not involved with the latest data dump.
This suggests multiple people, or hacking groups, took advantage of the flaw last December.
In September, and more recently on November 24, the 5.4 million Twitter records were shared for free on a hacking forum.
Bleeping Computer is now warning users to be wary of emails from Twitter, as they could likely be fake and designed to steal login credentials.
“If you receive an email claiming your account was suspended, there are login issues, or you are about to lose your verified status, and it prompts you to log in on a non-Twitter domain, ignore the emails and delete them as they are likely phishing attempts,” Bleeping Computer states.
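The warning above turns on one question: does the login link actually point at a Twitter domain? The check below is an added example, not from Bleeping Computer or Twitter; the allowlist of trusted hosts is an assumption, and the sample URLs are constructed. It parses the link properly rather than searching for the brand name, so hosts that merely contain "twitter.com" as a prefix, userinfo or subdomain of another domain are rejected, as are plain-HTTP links and punycode hostnames.

```python
"""Check whether a login link from an email points at a trusted host (added example)."""
from urllib.parse import urlsplit

# Assumed allowlist of legitimate hosts; subdomains of these are also accepted.
TRUSTED_HOSTS = {"twitter.com", "t.co"}


def login_link_is_trusted(url: str) -> bool:
    """Return True only for an https link whose registrable host is trusted."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False
    # .hostname drops userinfo ("user@") and port, and lowercases the host
    host = parts.hostname
    if not host:
        return False
    # Internationalised (punycode) labels are a common lookalike vector
    if host.startswith("xn--") or ".xn--" in host:
        return False
    if host in TRUSTED_HOSTS:
        return True
    return any(host.endswith("." + trusted) for trusted in TRUSTED_HOSTS)


# Constructed sample links as they might appear in a suspicious email
SAMPLE_LINKS = [
    "https://twitter.com/login",            # genuine
    "https://help.twitter.com/verify",      # genuine subdomain
    "http://twitter.com/login",             # not https
    "https://twitter.com.example.test/",    # brand used as a subdomain elsewhere
    "https://twitter.com@example.test/",    # brand in userinfo, real host differs
    "https://xn--twtter-2ne.com/login",     # punycode lookalike
]


def classify_links(links=SAMPLE_LINKS) -> dict:
    """Map each link to whether it is trusted; untrusted ones are the phishing signal."""
    return {link: login_link_is_trusted(link) for link in links}


if __name__ == "__main__":
    for link, ok in classify_links().items():
        print(("trusted  " if ok else "SUSPECT  ") + link)
```

A mail gateway or a user-facing link checker can apply the same rule; the important design choice is to decide on the parsed hostname alone, never on whether the brand name appears somewhere in the URL string.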
Loder sounded the alarm about the latest data dump in a tweet, “I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the European Union and United States. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate.
“This breach occurred no earlier than 2021.”
However, Loder is also known as an ‘antifascist blogger’ who helped identify a “proud boy member who attacked policemen on January 6,” according to a Reddit post shared on Friday.
A reporter for The Intercept, Robert Mackey, shared on his Twitter account on November 24 that the reason Loder’s account was suspended was “likely to suppress reporting on right-wing extremists.”