Skip to main content
  1. Home
  2. Computing
  3. News

Oh great, now our Twitter data is for sale on the dark web

By

In case you haven’t been closely following in-depth hacker news feeds (and we don’t blame you if you haven’t), you may have missed an announcement in January from HackerOne detailing a security vulnerability in the Twitter code. The vulnerability let hackers steal phone numbers and emails of users.

Well, a list of millions of Twitter users just showed up for sale on the dark web.

Recommended Videos

Restore Privacy, a security and privacy watchdog, reported the list of 5.4 million Twitter user emails and phone numbers for sale on a dark web site called Breached Forums. The hacker selling the list claims it contains the private data of “Celebrities, to Companies, randoms, OGs, etc.”

Please enable Javascript to view this content

The vulnerability found in January and the sale of personal datasets from Twitter are too closely linked to be mere coincidence.

Related

In January, HackerOne user zhirinovskiy submitted a bug report he had found while analyzing Twitter’s codebase. It was an exploit that could potentially allow a threat actor to access the emails and phone numbers of Twitter users. Although there was no sign of a data breach at the time, zhirinovskiy was concerned.

“This is a serious threat,” zhirinovskiy said in his bug report. “As people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections).”

“Thank you for your report @zhirinovksiy,” a Twitter employee named bugtriage_simon replied to the report. “We’re looking into this and will keep you updated when we have additional information. Thank you for thinking of Twitter security.”

The reply came on January 6, five days after zhirinovskiy posted his report.

On January 13, Twitter closed the report and commented: “We consider this issue to be fixed now. Can you please confirm?”

“I can confirm the issue is fixed,” zhirinovskiy replied the same day. Twitter rewarded him for his efforts.

Judging from the exchange of comments on the initial bug report, it took nearly two weeks for Twitter to fix the vulnerability. At some point, a threat actor snuck in and stole 5.4 million datasets. Whether it was done before zhirinovskiy discovered the exploit or after he had posted it remains unknown. What is known is those emails and phone numbers are now for sale.

If your data was included in the breach, you can expect to receive an uptick in spam emails and scammer calls. We recommend using Apple’s Hide My Email if you have iPhone. Also, check out our tips for increasing your online privacy.

Editors’ Recommendations

Topics
Nathan Drescher
Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
Intel’s promised Arrow Lake autopsy details up to 30% loss in performance
The Core Ultra 9 285K socketed into a motherboard.

Intel's Arrow Lake CPUs didn't make it on our list of the best processors when they released earlier this year. As you can read in our Core Ultra 9 285K review, Intel's latest desktop offering struggled to keep pace with last-gen options, particularly in games, and showed strange behavior in apps like Premiere Pro. Now, Intel says it has fixed the issues with its Arrow Lake range, which accounted for up to a 30% loss in real-world performance compared to Intel's in-house testing.

The company identified five issues with the performance of Arrow Lake, four of which are resolved now. The latest BIOS and Windows Updates (more details on those later in this story) will restore Arrow Lake processors to their expected level of performance, according to Intel, while a new firmware will offer additional performance improvements. That firmware is expected to release in January, pushing beyond the baseline level of performance Intel expected out of Arrow Lake.

Read more
You can get this 40-inch LG UltraWide 5K monitor at $560 off if you hurry
A woman using the LG UltraWide 40WP95C-W 5K monitor.

If you need a screen to go with the upgrade that you made with desktop computer deals, and you're willing to spend for a top-of-the-line display, then you may want to set your sights on the LG 40WP95C-W UltraWide curved 5K monitor. From its original price of $1,800, you can get it for $1,240 from Walmart for huge savings of $560, or for $1,275 from Amazon for a $525 discount. You should complete your purchase quickly if you're interested though, as there's no telling when the offers for this monitor will expire.

Why you should buy the LG 40WP95C-W UltraWide curved 5K monitor
5K monitors are highly recommended for serious creative professionals, such as graphic designers and filmmakers, for their extremely sharp details and precise colors, and the LG 40WP95C-W UltraWide curved 5K monitor is an excellent choice. We've tagged it as the best ultrawide 5K monitor in our roundup of the best 5K monitors, with its huge 40-inch curved screen featuring 5120 x 2160 resolution, 98% coverage of the DCI-P3 spectrum, and support for HDR10 providing striking visuals that you won't enjoy from most of the other options in the market.

Read more
Generative-AI-powered video editing is coming to Instagram
Instagram on iPhone against a colorful background.

Editing your Instagram videos will soon be as simple as typing out a text prompt, thanks to a new generative AI tool the company hopes to release in 2025, CEO Adam Mosseri announced Thursday.

The upcoming tool, which leverages Meta's Movie Gen model, will enable users to "change nearly any aspect of your videos," Mosseri said during his preview demonstration. Those changes range from subtle modifications, like adding a gold chain to his existing outfit or a hippo in the background, to wholesale alterations including swapping his wardrobe or giving himself a felt, Muppet-like appearance.

Read more