Twitter has reported that many emails and phone numbers were leaked in November 2022. These are used to identify possible Twitter profiles associated with it. However, the user data has been analyzed by researchers, and it appears to be the same set of private information that was acknowledged in August 2022.
Timeline of the Data Breach
The cyberattack was said to have happened back in 2021 when Twitter updated its code. It was only reported by January 2022 through the platform's bug bounty program, wherein an API vulnerability was found allowing hackers to have access to private email accounts and phone numbers.
The hacker would use that information to find an account associated with it on Twitter. The problem has already been fixed, but not before the hackers managed to steal them and create 5.4 million user profiles.
The data was then sold through a forum back in July 2022. According to Bleeping Computer, two people intended to buy the leaked data for $30,000. The attack was not announced until August 2022 by Twitter.
Twitter claimed that they had notified confirmed account owners about the situation. The platform then released an update to inform others with accounts that were also potentially affected by the breach.
Around September and November 2022, the hackers revealed the 5.4 million accounts which have been passed around with other hackers in JSON file format. Although, a researcher discovered that the breach affected way more than 5.4 million.
The API vulnerability actually caused 17 million records to be breached. Independent researchers contacted the numbers from the 1.4 million data set of private Twitter account records. This confirmed that the published private data was legitimate.
Read Also: 5 Best Twitter Alternatives To Check Out Today
Precautions
Twitter has acknowledged the problems that come with the breach and advised users to take other measures to protect their private data or identity. According to the platform's blog, it's best to use a phone number or email address that is not publicly known.
Although they claimed that no passwords were exposed, Twitter still encourages people to use two-factor authentication via authentication apps or even security keys to protect their accounts. This will protect them from unauthorized log-ins should a hacker attempts to.
Users are also encouraged to remain vigilant, as hackers may use private information to create phishing campaigns. When you receive an email that claims urgent matters require your private information, do not provide it to them.
The platform also urged people to double-check if the email came from a legitimate Twitter source. If not, users can easily report suspicious activities via Help Center. Users may also ask questions about protecting their private information through its Data Protection Inquiry Form.
You may also follow Twitter Support's account to see tips and instructions from the platform's Support Team. Should your case become extensively damaging, you may file a ticket through the Help Center so you may receive direct assistance from Twitter personnel.
Related Article: Over 5.4 Million Twitter Users' Data Have Been Leaked, Reports Say
