Elon Musk has been claiming to upgrade and transform the Twitter platform, but it was recently reported that at least 5.4 million Twitter users have been hit by a data leak, with around 5.4 million records stolen via an internal bug. The data was then leaked on an online hacker forum.
Furthermore, in addition to the roughly 5.4 million records offered for sale online, an additional 1.4 million Twitter profiles were collected using a different Twitter application programming interface (API) and have reportedly been shared privately among a few people.
The massive data set consists of scraped public information along with private phone numbers and email addresses that are not meant to be public, according to a BleepingComputer report.
Security expert Chad Loder first broke the news on Twitter and was soon suspended from the platform.
"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and the US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," Loder posted on Twitter.
The data containing non-public information was stolen using a Twitter API vulnerability that was fixed in January this year.
This data was collected in December 2021 using a Twitter API vulnerability disclosed in the HackerOne bug bounty programme, the report said on Sunday.
Most of the data consisted of public information, such as Twitter IDs, locations, names, login names and verified status.
It further included private information like phone numbers and email addresses.
The new boss of Twitter had not commented on the report at the time of writing.
Pompompurin, the owner of the Breached hacking forum, told BleepingComputer that "they were responsible for exploiting the bug and creating the massive dump of Twitter user records after another threat actor known as 'Devil' shared the vulnerability with them," the report mentioned.
As hackers released 5.4 million records online, an even larger data dump has allegedly been created using the same vulnerability, according to the report.
"We were told that it consists of over 17 million records but could not independently confirm this," said the report.