Twitter confirms that the recent data breach is from 2021

Twitter today confirmed that millions of member profiles were leaked, along with private numbers and emails, due to the same data breach as August 2022.

Twitter claims that its incident response team has analyzed user data leakage in November 2022, and confirmed it using the same vulnerability as the January 2022 fix.


Twitter’s Incident Response Team was quick to compare the information in the report with the 21 July 2022 media reports. It was clear that both the reported and unreported data were the same. – Twitter.

Hacking forums leak data

Twitter was notified by its bug bounty program in January 2022 that there is an API vulnerability that allows attackers to send email addresses and phone numbers, as well as get a Twitter ID.

Twitter users who post anonymously may be concerned about privacy because their email and phone addresses do not need to be made public.

Twitter had not yet remedied the issue. A threat actor already used the API vulnerability to enter millions of phone numbers and email addresses to create 5.4million user profiles that contained both public and private data.

The scraped data was then for $30,000 in July 2022, and two individuals allegedly bought it at a lower price than the original asking.

Twitter data being sold on a hacker forum

Source: BleepingComputer

A threat actor published a JSON file in September 2022 and November 20,22 containing all 5.4 million records that were scraped by 2021. This JSON file was private circulated between a few threat actors.

A researcher shared also samples of a . These Twitter profiles weren’t part of the initial 5.4 million users breach.

The data set may be even more comprehensive, with 17,000,000 records allegedly collected by the same API flaw.

BleepingComputer was not able confirm the existence of this data set. However, we were able examine a small sample of data that contained 1.4 million French account records.

BleepingComputer obtained this sample from Twitter to confirm the identity of listed users.

Twitter has yet to confirm the number of users who were exposed, despite the fact that its latest update suggests the vulnerability was disclosed last month.

Twitter recommends users to enable two-factor authentication and use hardware keys or authenticator apps to safeguard their accounts. Users should also be vigilant about any incoming email related to Twitter accounts.

Twitter warns that Twitter users should be extra cautious when they receive any type of communication via email. Threat actors could use the information to launch very successful phishing campaigns.

Be wary of email that conveys urgency or requests your personal information. Always double-check to ensure the emails come from legitimate Twitter sources.

12/12/22: Title changed to indicate that breach occurred in 2021, and was confirmed in August.