Date: 2022-11-30

If you are an active Twitter user, it's a good idea to strengthen your account security. No fewer than 5.4 million leaked accounts were made available for free on a hacker forum. Among the stolen information are users' email addresses and phone numbers. The leak of the accounts happened in July.

In August, Twitter admitted that a bug was responsible for the security breach and data leak. At the time, the files containing the leaked account information were being sold on the deep web for $30k. This amounts to just over R$ 160,000 in direct conversion.

But it seems the hackers couldn’t find anyone interested. The fact is that the database containing the leaked accounts was released free of charge.

Leak was bigger than expected

The hacker forum in question is Breached. This is a well-known forum among hackers, who often use it as a meeting point to share their "achievements". The owner of the forum confirmed to the BleepingComputer website that the accounts made available for free last week are the same ones that were being sold in July.

He also revealed that the leak was larger than the 5.4 million accounts reported. In fact, hackers also had access to data from 1.4 million suspended accounts on the platform. So, adding it all up, there were 6.8 million leaked Twitter profiles. Quite a considerable number, don't you think?

Second leak exposed a larger number of accounts

Apparently, there was a new data leak on Twitter that used the same security flaw. Just to clear things up a bit, the first data leak, namely the one that exposed 6.8 million accounts, used a flaw in the Twitter API. That flaw was found in December 2021 and fixed the following month.

However, cybersecurity expert Chad Loder, via his Twitter account, said that a new leak had happened on the social network. Interestingly, his Twitter account was suspended not long after. But the latest tweets are still available on the Web Archive. Even with the suspended account, the expert reinforced his statement on the Mastodon social network.

According to Chad Loder, the flaw takes advantage of the option to use the user’s phone number to find contacts in common. The new data leak captured full phone numbers, including area code, of users in European countries and the United States.

Evidence also indicates that a second hacker group took advantage of the breach. The owner of the Breached forum, quoted above, said that the new database had not been aggregated by anyone before. This suggests that another hacker group took advantage of the Twitter vulnerability.

Some rumors say that this leak was much worse. It is estimated that 17 million accounts have been affected. Twitter has yet to comment on the matter.

Sources: BleepingComputer and Engadget