Earlier this 12 months, Twitter confirmed that the personal person knowledge for five.4 million customers was stolen as a result of an API vulnerability, however the firm mentioned it had “no evidence” that it was exploited. Now, all of these accounts have been uncovered on a hacker type, BleepingComputer has reported. On high of that, a further 1.4 million Twitter profiles for suspended customers was reportedly shared privately, and a good bigger knowledge dump with the information of “tens of millions” of different customers could have come from the identical vulnerability.

The proprietor of hacking discussion board referred to as Breached informed BleepingComputer that it was liable for exploiting the weak point (initially obtained from one other hacker referred to as “Devil”) and dumping the person information. It mentioned that it additionally obtained 1.4 million Twitter profiles for suspended accounts, obtained through one other API, however solely shared these privately amongst a number of people.

On high of all that, safety knowledgeable Chad Loder has revealed that tens of hundreds of thousands extra Twitter information could have been collected utilizing the identical API. Once once more, knowledge collected could embrace personal cellphone numbers together with public data. Loder posted a redacted pattern on Mastodon, as he was banned on Twitter a number of days in the past for unknown causes. It may include over 17 million information, BleepingComputer was informed.

The breaches leaked customers’ personal cellphone numbers and e mail addresses, which may very well be used for phishing and different scams. That data is also exploited to uncover identities from personal Twitter accounts. As normal, be very cautious of any suspicious emails or texts claiming to come back from Twitter — and in case you’re fascinated by utilizing two-factor authentication, now can be a very good time.