An even larger data dump privately created
While it is concerning that threat actors released the 5.4 million records for free, an even larger data dump was allegedly created using the same vulnerability.
This data dump potentially contains tens of millions of Twitter records consisting of personal phone numbers collected using the same API bug, along with public information, including verified status, account names, Twitter ID, bio, and screen name.
The news of this more significant data breach comes from security expert Chad Loder, who first broke the news on Twitter and was suspended soon after posting. Loder subsequently posted a redacted sample of this larger data breach on Mastodon.
"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," Loder shared on Twitter.
BleepingComputer has obtained a sample file of this previously unknown Twitter data dump, which contains 1,377,132 phone numbers for users in France.
We have since confirmed with numerous users in this leak that the phone numbers are valid, verifying this additional data breach is real.
Furthermore, none of these phone numbers are present in the original data sold in August, illustrating how much larger Twitter's data breach was than previously disclosed and the large amount of user data circulating among threat actors.
Pompompurin also confirmed with BleepingComputer that they were not responsible and did not know who created this newly discovered data dump, indicating that other people were using this API vulnerability.
BleepingComputer has learned that this newly discovered data dump consists of numerous files broken up by country and area codes, including Europe, Israel, and the USA.
We were told that it consists of over 17 million records but could not independently confirm this.
As this data can potentially be used for targeted phishing attacks to gain access to login credentials, it is essential to scrutinize any email that claims to come from Twitter.
If you receive an email claiming that your account was suspended, that there are login issues, or that you are about to lose your verified status, and it prompts you to log in on a non-Twitter domain, ignore the email and delete it, as it is likely a phishing attempt.