Last year’s Twitter data breach was reportedly “far bigger” than initially thought.
The company’s breach exposed more than five million email addresses and phone numbers, with a security vulnerability reportedly accessed by 100s of bad actors, rather than the single hacker that Twitter said had gained access.
Earlier in the year, HackerOne reported that anyone could enter a phone number or email address and find the associated Twitter ID, an internal identifier that can be easily converted into a Twitter handle. Twitter confirmed that the vulnerability existed and confirmed that it had been patched, but said that nobody had exploited it.
Now, it’s believed data from more than 5.4 million users have been collected, and though the vulnerability has since been patched, the database acquired from this exploit is being sold online via a popular hacking platform.
The data covers users in the United Kingdom, the United States, and the EU.
Are you concerned to hear this news? Let us know and check back soon for more.