Twitter Hacked with 5.4 Million Personal Details Leaked in the Dark Web

The biggest oopsie in social media history might have just happened.

Twitter has been hacked, and 5.4 million personal details have been leaked into the dark web.

On Wednesday (23 November), a hacker posted in a forum that he was offering the leaked data of 5.4 million Twitter users for free.

This was spotted by Chad Loder, founder of cyber security awareness company Habitu8, who tweeted about it on that day.

His account was suspended the day after, which made netizens believe that Elon Musk was trying to hide the fact that Twitter had such weak security.

What the Hack is All About

According to Bleeping Computer, the data was first obtained in “December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID.”

Twitter confirmed the vulnerability in August and patched it in January 2022.

Bleeping Computer reported that the flaw was first exposed by a user named Pompompurin, the owner of the Breached hacking forum.

Then, a hacker by the name of “Devil” took advantage of it, stole the data of 5.4 million users, and offered it for $30,000.

Apparently, two parties bought the data.

But “Devil” isn’t the only one who took advantage of the Twitter vulnerability. More users started to appear, saying they had access to the data, and some were even giving it away for free.

Bleeping Computer is now warning users to be wary of emails that come from Twitter as they could be a scam.

If they ask you to key in your information at a site that has no link to Twitter, I’m sure you can tell that it’s a red flag.

If your account has been suspended or if you’ve been locked out, you can try to contact customer support on Twitter. No promises, though, as they might have 5.4 million other users to attend to.
