However, the threat actor, known as “devil,” apparently used this exploit to sell millions of users’ data, which is said to “range from Celebrities, to Companies, randoms, OGs, etc.” As reported by BleepingComputer, In November 2022, another hacker released a JSON file that contained the 5.4 million records. However, another researcher spotted a new set of Twitter profiles that were scrapped using the same vulnerability, which wasn’t the same as the 5.4 million in July 2022. Apparently, the data set contained 17 million user profiles. “In November 2022, some press reports published that Twitter users’ data had been allegedly leaked online,” Twitter’s security update states. “As soon as we became aware of the news, Twitter’s Incident Response Team compared the data in the new report to data reported by the media on 21 July 2022. The comparison determined that the exposed data was the same in both cases.” The cybersecurity news site sampled a data set containing 1.4 million accounts and even contacted Twitter users to confirm if the leaked phone numbers were valid. Unfortunately, there are. This means the exploit spotted in January 2022 is still seeing its effects, and Twitter hasn’t confirmed the number of exposed users from the breach.
Start using two-factor authentication
In the security update, Twitter states that while no passwords were exposed in the data leak, it’s a good idea to turn on two-factor authentication or hardware security keys to protect their accounts. It also recommends being aware of suspicious emails, as the exposed information on users could lead to nasty phishing campaigns. You can check out the best authenticator apps to stay secure and to make sure your passwords are locked up, the best password managers can help you out. Speaking of emails, there are invisible images that let companies spy on your email — here’s how to stop them.
