Skip to main content

Oh great, now our Twitter data is for sale on the dark web

In case you haven’t been closely following in-depth hacker news feeds (and we don’t blame you if you haven’t), you may have missed an announcement in January from HackerOne detailing a security vulnerability in the Twitter code. The vulnerability let hackers steal phone numbers and emails of users.

Well, a list of millions of Twitter users just showed up for sale on the dark web.

Restore Privacy, a security and privacy watchdog, reported the list of 5.4 million Twitter user emails and phone numbers for sale on a dark web site called Breached Forums. The hacker selling the list claims it contains the private data of “Celebrities, to Companies, randoms, OGs, etc.”

The vulnerability found in January and the sale of personal datasets from Twitter are too closely linked to be mere coincidence.

In January, HackerOne user zhirinovskiy submitted a bug report he had found while analyzing Twitter’s codebase. It was an exploit that could potentially allow a threat actor to access the emails and phone numbers of Twitter users. Although there was no sign of a data breach at the time, zhirinovskiy was concerned.

“This is a serious threat,” zhirinovskiy said in his bug report. “As people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections).”

“Thank you for your report @zhirinovksiy,” a Twitter employee named bugtriage_simon replied to the report. “We’re looking into this and will keep you updated when we have additional information. Thank you for thinking of Twitter security.”

The reply came on January 6, five days after zhirinovskiy posted his report.

On January 13, Twitter closed the report and commented: “We consider this issue to be fixed now. Can you please confirm?”

“I can confirm the issue is fixed,” zhirinovskiy replied the same day. Twitter rewarded him for his efforts.

Judging from the exchange of comments on the initial bug report, it took nearly two weeks for Twitter to fix the vulnerability. At some point, a threat actor snuck in and stole 5.4 million datasets. Whether it was done before zhirinovskiy discovered the exploit or after he had posted it remains unknown. What is known is those emails and phone numbers are now for sale.

If your data was included in the breach, you can expect to receive an uptick in spam emails and scammer calls. We recommend using Apple’s Hide My Email if you have iPhone. Also, check out our tips for increasing your online privacy.

Editors' Recommendations

Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
How to enable secure boot in Windows 11
Secure Boot setting in an ASUS BIOS.

Enabling Secure Boot is an important step in upgrading to Windows 11, as it's part of the system requirements. It ensures that unauthorized software can't run on your PC, and you will have to enable it before you install Windows 11 or it just won't work. Fortunately, enabling Secure Boot is as quick as changing a single BIOS setting.

Here's how to do it.

Read more
No, Intel’s Lunar Lake CPUs aren’t being delayed
Intel keynote.

Intel's hotly-anticipated Lunar Lake CPUs look like they're suffering a delay, at least according to a report from DigiTimes. The outlet, which covers semiconductor news, says that shipments of the chips are arriving in September and that they were originally planned for June. Intel says otherwise, however.

When Intel first announced Lunar Lake, it said they would arrive between July and September of this year. More specifically, the company pointed out that they'd be available before the holiday shopping season. If June was the original plan, we'd already have a lot more details about the processors. It looks like September was the target all along.

Read more
Hacker claims to have hit Apple days after hacking AMD
The Apple logo is displayed at the Apple Store June 17, 2015 on Fifth Avenue in New York City

Data breaches happen all the time, but when the giants get hit, it's impossible not to wonder what kind of critical data may become exposed. Earlier this week, notorious cybercriminal Intelbroker reported that they managed to hack AMD. Now, they followed up with claims about hacking Apple, and went as far as to share some internal source code on a hacking forum.

As Apple has yet to comment, all we have to go off is the forum post, first shared by HackManac on X (formerly Twitter). In the post, Intelbroker states that Apple suffered a data breach that led to the exposure of the source code for some of its internal tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced. There's been no mention of any customer data being leaked, which is good news, but there could still be some impact on Apple if this proves to be true.

Read more