Oh great, now our Twitter data is for sale on the dark web

In case you haven’t been closely following in-depth hacker news feeds (and we don’t blame you if you haven’t), you may have missed an announcement in January from HackerOne detailing a security vulnerability in the Twitter code. The vulnerability let hackers steal phone numbers and emails of users.

Well, a list of millions of Twitter users just showed up for sale on the dark web.

Restore Privacy, a security and privacy watchdog, reported the list of 5.4 million Twitter user emails and phone numbers for sale on a dark web site called Breached Forums. The hacker selling the list claims it contains the private data of “Celebrities, to Companies, randoms, OGs, etc.”

The vulnerability found in January and the sale of personal datasets from Twitter are too closely linked to be mere coincidence.

In January, HackerOne user zhirinovskiy submitted a bug report he had found while analyzing Twitter’s codebase. It was an exploit that could potentially allow a threat actor to access the emails and phone numbers of Twitter users. Although there was no sign of a data breach at the time, zhirinovskiy was concerned.

“This is a serious threat,” zhirinovskiy said in his bug report. “As people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections).”

“Thank you for your report @zhirinovksiy,” a Twitter employee named bugtriage_simon replied to the report. “We’re looking into this and will keep you updated when we have additional information. Thank you for thinking of Twitter security.”

The reply came on January 6, five days after zhirinovskiy posted his report.

On January 13, Twitter closed the report and commented: “We consider this issue to be fixed now. Can you please confirm?”

“I can confirm the issue is fixed,” zhirinovskiy replied the same day. Twitter rewarded him for his efforts.

Judging from the exchange of comments on the initial bug report, it took nearly two weeks for Twitter to fix the vulnerability. At some point, a threat actor snuck in and stole 5.4 million datasets. Whether it was done before zhirinovskiy discovered the exploit or after he had posted it remains unknown. What is known is those emails and phone numbers are now for sale.

If your data was included in the breach, you can expect to receive an uptick in spam emails and scammer calls. We recommend using Apple’s Hide My Email if you have iPhone. Also, check out our tips for increasing your online privacy.

Related posts

Latest posts

T-Mobile, Starlink enable satellite texting early for people impacted by Los Angeles fires

T-Mobile and SpaceX have been working on bringing Starlink satellite connectivity to customers for a while, and it’s flipping on

iPad 11: Two Key Upgrades Will Bring Apple Intelligence to Budget iPad

The next-generation, entry-level iPad will support the Apple Intelligence suite of AI features, according to Bloomberg's Mark Gurman.In his Power

Apple Watch SE 3 With ‘New Look’ Expected to Launch This Year

A third-generation Apple Watch SE will be released later this year, and it will have a "new look" of some

HomePod Mini 2 and New Apple TV Launch Timeframe Narrowed Down

Bloomberg's Mark Gurman recently reported that Apple plans to release new HomePod mini and Apple TV models this year, and

All the cool gadgets that made me sad I didn’t go to CES 2025

I wrote about CES 2025 from the comfort of my home, but a selection of really cool gadgets made me sad I didn't attend the show in person.

Zuckerberg vents at Apple over iPhone, but forgets Facebook’s flops

The Meta chief says Apple essentially sat on the iPhone and hasn't made any remarkable progress. He didn't mention how Facebook flubbed phones and tablets.

Forget the Galaxy S25 Slim. The OnePlus Open 2 could be the thinnest foldable ever

According to tipster Digital Chat Station, the OnePlus Open 2 could be the thinnest folding phone ever made — and it could sport a titanium frame.

Apple Watch SE might embrace a new look this year

The next Apple Watch SE, expected to arrive this year, could hit the shelves rocking a new look. The budget watch could also ditch metal in favor of plastic.

Nvidia’s DLSS 4 isn’t what you think it is. Let’s debunk the myths

Nvidia's new DLSS 4 feature is an exciting update for RTX users, but it's been drowned in a sea of assumptions and misunderstandings.

I love the Motorola Razr and Galaxy Z Flip 6, but there’s still room to make flip phones better

Android OEMs are improving flip phones every year, but how can they get better going forward?