Skip to main content
  1. Home
  2. Computing
  3. Social Media
  4. News

Oh great, now our Twitter data is for sale on the dark web

Add as a preferred source on Google

In case you haven’t been closely following in-depth hacker news feeds (and we don’t blame you if you haven’t), you may have missed an announcement in January from HackerOne detailing a security vulnerability in the Twitter code. The vulnerability let hackers steal phone numbers and emails of users.

Well, a list of millions of Twitter users just showed up for sale on the dark web.

Recommended Videos

Restore Privacy, a security and privacy watchdog, reported the list of 5.4 million Twitter user emails and phone numbers for sale on a dark web site called Breached Forums. The hacker selling the list claims it contains the private data of “Celebrities, to Companies, randoms, OGs, etc.”

The vulnerability found in January and the sale of personal datasets from Twitter are too closely linked to be mere coincidence.

In January, HackerOne user zhirinovskiy submitted a bug report he had found while analyzing Twitter’s codebase. It was an exploit that could potentially allow a threat actor to access the emails and phone numbers of Twitter users. Although there was no sign of a data breach at the time, zhirinovskiy was concerned.

“This is a serious threat,” zhirinovskiy said in his bug report. “As people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections).”

“Thank you for your report @zhirinovksiy,” a Twitter employee named bugtriage_simon replied to the report. “We’re looking into this and will keep you updated when we have additional information. Thank you for thinking of Twitter security.”

The reply came on January 6, five days after zhirinovskiy posted his report.

On January 13, Twitter closed the report and commented: “We consider this issue to be fixed now. Can you please confirm?”

“I can confirm the issue is fixed,” zhirinovskiy replied the same day. Twitter rewarded him for his efforts.

Judging from the exchange of comments on the initial bug report, it took nearly two weeks for Twitter to fix the vulnerability. At some point, a threat actor snuck in and stole 5.4 million datasets. Whether it was done before zhirinovskiy discovered the exploit or after he had posted it remains unknown. What is known is those emails and phone numbers are now for sale.

If your data was included in the breach, you can expect to receive an uptick in spam emails and scammer calls. We recommend using Apple’s Hide My Email if you have iPhone. Also, check out our tips for increasing your online privacy.

Nathan Drescher
Former Computing Writer
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
ChatGPT will now remind teens to take breaks and give parents more controls
New parental controls include Quiet Hours, Study Mode defaults, and alerts for serious account violations.
chatgpt-teen-safety-features

OpenAI wants to make ChatGPT safer for teens, and the changes go well beyond a simple content filter. In a new update, the company laid out its stance on why teens should have access to AI in the first place, arguing that keeping them away from it entirely would leave them unprepared for one of the defining technologies of their generation.

Nearly 90% of teens already use ChatGPT weekly for learning, research, or getting organized, which is why OpenAI says access needs to come paired with real protections built for their age.

Read more
ChatGPT’s new search tool saves you from digging through old chats, files, and images
You can also filter ChatGPT search results by content type.
chatgpt-new-search

If you have ever lost a great ChatGPT answer somewhere in your endless chat history, that headache is finally over. OpenAI has rolled out a major search upgrade that lets you find old chats, projects, documents, and images all from one place.

Before this update, the sidebar search only pulled up past conversations, leaving uploaded files, projects, and generated images completely out of reach. The new search option is now available across web, iOS, and Android, on every ChatGPT plan, including free accounts.

Read more
You can now link your favorite apps to AI Mode in Google Search to get things done
AI Mode now works with Instacart, Canva, and YouTube Music inside Search.
google-search-ai-mode-connect-apps

Google is making AI Mode in Search more useful by letting you connect third-party apps. Starting this week in the US, you can securely connect some of your go-to apps directly to AI Mode, letting Search actually complete tasks for you instead of just answering questions.

This update builds on a similar trick Google already pulled off inside the Gemini app, and now it is landing in Search itself. The initial rollout includes three launch partners, Instacart, Canva, and YouTube Music, with Google saying more app integrations are on the way.

Read more