A Twitter spokesperson confirmed that the breach that affected millions of users' profiles, including private phone numbers and email addresses, was indeed caused by the same data breach that Twitter disclosed in August 2022, in which millions of emails and phone numbers were obtained.
A Twitter spokesperson said the company's incident response team analyzed the leaked user data in November 2022. They found that each of the leaks was caused by the same vulnerability. It was before the January 2022 fixes were made.
The Twitter official posted, "When Twitter learned about the news, the Incident Response Team evaluated the newly released report, which compares the data to data published by the media on 21 July 2022. Upon comparison, the Incident Response Team found the exposed data was the same in both cases.
An update posted by Twitter on November 20, 2022, says that the data of some of its users may have been leaked online due to a security issue.
On the Forum of a Hacker, Some Data was Leaked
According to Twitter's bug bounty program, the company received a report about an issue in January 2022. As described in the announcement above, an API flaw allows an attacker to feed email addresses or phone numbers into an API loophole. This will enable them to obtain a Twitter ID associated with the email address or phone number.
For Twitter users who wish to post anonymously, this could pose a significant risk to their privacy. This is because members' phone numbers and email addresses are not meant to be public.
By the time Twitter rectified the problem, there had already been 5.4 million user profiles created. These consisted of private and public information provided by millions of email addresses and phone numbers. The API vulnerability is currently being exploited by threat actors contributing to creating those profiles.
The scraped data was sent to a hacker forum in July 2022 and listed for sale for $30,000. According to the forum, two people are alleged to buy the data for less than the original price.
As a result of a threat actor operation in September and November 2022, a file containing all 5.4 million records scraped from the internet in 2021 was released to the public in JSON file format. In the past, this document was distributed privately between a limited number of threat actors and was not publicly available.
It was also announced that an independent researcher also shared samples of an additional set of Twitter profiles that had previously been scraped to exploit the vulnerability. There were 5.4 million users whose profiles were compromised in the original breach, but these profiles were not included.
According to the report, the data set collected using the same API flaw is reportedly much bigger, containing 17 million records.
There was no confirmation of the extent of the additional data set. However, a report examined an excerpt of a data set containing 1.4 million previously undisclosed French Twitter account records.
Despite Twitter's recent updates indicating that the data leaked last month is related to the vulnerability previously disclosed, the company has not confirmed exactly how many users have been exposed to the flaws.
It is recommended that users enable two-factor authentication on their Twitter accounts and use authenticator apps or hardware keys to protect their Twitter accounts. Twitter also asked its users to be extra vigilant about all incoming emails related to their Twitter accounts when they receive them.
As a Twitter user, you should always remain vigilant when receiving any kind of email communication, as it is likely that threat actors may use the leaked information to create extremely effective phishing campaigns, Twitter warned.
It is always advisable to be cautious of emails that convey a sense of urgency or emails that appear to be requesting private information from you. Always ensure that the email is coming from an authentic Twitter source.
