Threat actor publicly shares stolen data of 5.4 million Twitter users

Last week a data broker using the handle “Pompompurin” uploaded a database with the stolen information of 5.4 million Twitter users on a hacking forum.

The records, now publicly available to download, are the same ones put up for sale in late July 2022 for $30,000 US, after malicious actors exploited a now disclosed Twitter API vulnerability from 2021.

According to the author, the database available for download only contains the information for active Twitter users – including email addresses or phone numbers alongside public-facing information of accounts such as usernames, bio, location and profile photo.

BleepingComputer researchers who spoke to hacking forum owner Pompompurin over the weekend said he and his associates were not the only ones exploiting the Twitter vulnerability to steal records.

Moreover, the database shared doesn’t contain the info belonging to an additional 1.4 million Twitter profiles that were suspended, and this data “was only shared privately among a few people.”

Data breach allegedly more significant than believed – 17 million users may be at risk

An independent security researcher announced a more significant breach affecting users in Europe and the US on Nov. 23.

While Loder’s Twitter account was suspended shortly after this post, the researcher posted additional updates on his Twitter page earlier today.

“This Twitter data breach has not been reported before,” Loader said. “Any Twitter account with "Let others find you by your phone" enabled in Discoverability settings is affected. All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers.”

BleepingComputer also confirmed the new data dump contains over 1.3 million phone numbers belonging to users in France.

“We have since confirmed with numerous users in this leak that the phone numbers are valid, verifying this additional data breach is real,” BleepingComputer said.

“Furthermore, none of these phone numbers are present in the original data sold in August, illustrating how much larger Twitter's data breach was than previously disclosed and the large amount of user data circulating among threat actors. Pompompurin also confirmed with BleepingComputer that they were not responsible and did not know who created this newly discovered data dump, indicating that other people were using this API vulnerability.”

The online publication said the new data dump allegedly contains over 17 million records of users in Europe, Israel and the US, and one of Loder’s recent tweets puts this into perspective.

“From what I have confirmed, the breached Twitter data covers, at a minimum, the full phone number spaces for multiple country codes in the EU, and some area code in the US,” the tweet said. “The dataset includes verified accounts, celebrities, prominent politicians, and government agencies.”

If confirmed, this new data puts additional millions of Twitter users at risk of falling victim to cybercriminals and fraud.

All Twitter users should remain vigilant against phishing notes (text and email) announcing that their accounts are subject to suspicious activity or are about to be suspended.

If you want to stay on top of data breaches and leaks affecting your social media profiles, grab a Bitdefender Digital Identity Protection tool today.

The privacy-focused service lets you easily monitor and manage your digital identity to defend against privacy and security risks with:

• 24/7 data breach monitoring on the public and dark web
• A 360-degree mapping of all your personal data found online
• Easy way to sniff out social media impersonators
• Concise and 1-click action items that allow you to act fast and limit the damages of data breaches