In 2022, Twitter fell victim to a data breach that affected over 50 million users. The personal information that was exposed included names, email addresses, phone numbers, and dates of birth.
This blog post will explore the events leading up to the Twitter data breach, as well as the aftermath and steps that Twitter has taken to prevent future breaches.
What is Twitter?
Twitter is a social networking platform that allows users to send and receive short messages called “tweets.” Tweets can be up to 140 characters long and can include photos, videos, and links. Twitter is one of the most popular social networking platforms, with over 321 million monthly active users as of September 2017.
Twitter has been in the news recently due to a Twitter data breach that affected approximately 33 million users. The breach occurred in May and June of 2013, and exposed information such as user names, email addresses, session tokens, and encrypted/salted versions of passwords. Twitter has since reset the passwords of all affected accounts and is working with law enforcement to investigate the incident.
What happened in the Twitter data breach?
In July of 2018, it was discovered that Twitter had suffered a data breach that affected over 330 million users. The breach was caused by a vulnerability in the “Twitter for Android” app that allowed hackers to access the personal information of users. The hackers were able to obtain the names, email addresses, and phone numbers of users, as well as their Twitter usernames and protected tweets.
This Twitter data breach is one of the largest in history, and has caused a great deal of concern among Twitter users. Many people are worried about how their personal information may be used by the hackers, and whether or not their account is safe. Twitter has been working hard to secure its platform since the breach was discovered, and has taken steps to prevent something like this from happening again.
Who was affected by the data breach?
The Twitter data breach affected approximately 330 million Twitter users. The personal information that was exposed included names, email addresses, phone numbers, and dates of birth. In some cases, the exposed data also included users’ location information and protected tweets.
5.4 million Twitter users’ stolen data leaked online in 2022
An API flaw that was patched in January allowed for the theft of over 5.4 million Twitter user records that contained private information. These records were shared for free on a hacker forum.
A security researcher has also revealed another enormous, possibly more significant, data dump of millions of Twitter records, illustrating how widely this bug was used by threat actors.
The information is made up of public data that has been scraped as well as private email addresses and phone numbers.
In July of last year, a threat actor began offering the personal data of more than 5.4 million Twitter users for sale for $30,000.
The majority of the material was made up of publicly available details such as Twitter IDs, names, login names, locations, and verified statuses; however, there was also private information like phone numbers and email addresses.
This information was gathered in December 2021 by exploiting a Twitter API flaw that was made public through the HackerOne bug bounty program. This flaw allowed users to submit phone numbers and email addresses to the API and receive the corresponding Twitter ID.
Using this ID, the threat actors could then scrape publicly available data about the account to produce the user record that is depicted below, which would comprise both private and public data about the user.
[Image: Twitter data shared on a hacking forum]
Although it is troubling that threat actors gave out 5.4 million records, it is also claimed that the same vulnerability was used to create a much larger data dump.
This data dump may comprise tens of millions of Twitter records, including public data like verified status, account names, Twitter IDs, bios, and screen names, as well as personal phone numbers gathered using the same API problem.
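One way a defender could spot bulk use of such an identifier-to-ID lookup in API logs, as an added example (not from the original post or from Twitter): it flags clients that submit many distinct phone numbers or email addresses in a short window and counts how many account IDs they got back. The log layout, field names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

# Constructed sample log, not real data: one tuple per lookup request,
# (unix_time, client_id, submitted_identifier, account_id_was_returned).
SAMPLE_LOG = [
    (1000 + i, "client-A", f"+1555000{i:04d}", i % 3 == 0) for i in range(40)
] + [
    (1000, "client-B", "alice@example.com", True),
    (1300, "client-B", "alice@example.com", True),
    (1900, "client-B", "bob@example.com", False),
]

WINDOW_SECONDS = 60   # assumed sliding-window length
MAX_DISTINCT = 20     # assumed limit on distinct identifiers per window


def find_enumerators(log, window=WINDOW_SECONDS, max_distinct=MAX_DISTINCT):
    """Flag clients that look up too many distinct identifiers per window.

    Returns {client_id: {"peak_distinct": n, "ids_returned": m}} where m is
    the number of lookups that resolved to an account ID, i.e. the exposure.
    """
    recent = defaultdict(deque)      # client -> (ts, identifier) inside window
    peak = defaultdict(int)          # client -> largest distinct count seen
    returned = defaultdict(int)      # client -> lookups that returned an ID
    for ts, client, identifier, hit in sorted(log):
        q = recent[client]
        q.append((ts, identifier))
        while q and q[0][0] <= ts - window:   # drop entries older than window
            q.popleft()
        peak[client] = max(peak[client], len({ident for _, ident in q}))
        returned[client] += int(hit)
    return {
        c: {"peak_distinct": peak[c], "ids_returned": returned[c]}
        for c in peak if peak[c] > max_distinct
    }


if __name__ == "__main__":
    for client, stats in find_enumerators(SAMPLE_LOG).items():
        print(client, stats)
```

Counting distinct identifiers rather than raw requests keeps a client that repeatedly looks up the same address, like client-B in the sample, from being flagged.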
Security expert Chad Loder, who initially reported the information on Twitter and was suspended shortly after publishing it, is the source of the information on this more serious data leak. Later, Loder published a sample of this wider Twitter data breach on Mastodon with redactions.
“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021,” Loder shared on Twitter.
How to protect your data on Twitter
In the wake of the recent Twitter data breach, it’s more important than ever to make sure that your data is safe and secure when using this popular social media platform. Here are some tips on how to protect your data on Twitter:
1. Use a strong password: A strong password is one of the best ways to protect your account from being hacked. Make sure to use a combination of upper and lowercase letters, numbers, and special characters in your password.
2. Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your account by requiring you to enter a code from your mobile phone in addition to your password when logging in.
3. Be careful what you share: Be mindful of what personal information you share on Twitter, as this can be used by hackers to gain access to your account. Avoid sharing things like your full name, birth date, home address, or other sensitive information.
4. Keep your software up to date: Keeping your web browser and security software up to date is important for protecting your data online. Outdated software can have security vulnerabilities that can be exploited by hackers.
5. Report suspicious activity: If you see something on Twitter that looks suspicious or out of place, report it to the site so that they can investigate and take appropriate action.
6. Use a VPN: With a VPN, all your online activity is hidden from prying eyes. Use it all the time to make sure your online activity cannot be sniffed.
Best VPN for Data Safety
HideIPVPN offers a VPN service with military-grade encryption, and high-speed servers with unlimited bandwidth.
Our service comes with shared IP addresses so that your activity can never be tied to one particular user, further protecting your privacy.
We also offer DNS leak protection, a Kill Switch, the latest VPN protocols, and a guaranteed no-log policy.
Every purchase you make comes with a 30-day money-back guarantee.
Conclusion
Twitter has become the latest victim of a data breach, with hackers gaining access to over 250,000 user accounts. This is a worrying trend that seems to be becoming more and more common, and it’s one that needs to be addressed urgently. Twitter is just the latest in a long line of companies that have been breached, and unless something is done to stop these hackers, it’s only going to get worse.