Skip to Content
Twitter data breach
© Youssef Azougagh | Dreamstime.com
Security & privacy

Twitter data breach: Personal details of 5.4M users leaked

There are plenty of things for sale on the Dark Web, some of which will immediately attract the attention of law enforcement. Discoveries don’t always end with arrests but can help protect potential victims. Your stolen information is on the Dark Web – here’s what to do next.

A recent discovery on a hacker forum is an excellent example of this. As many as 5.4 million Twitter users have had their personal details exposed in a massive data breach.

Read on to see how this happened and what you must do if you have a Twitter account.

Here’s the backstory

The massive cache of personal details stolen from Twitter is selling on a hacker forum, with the asking price currently $30,000.

Twitter confirmed the breach, explaining that hackers exploited a vulnerability from December 2021. The data reportedly includes the names, phone numbers and email addresses of 5.4 million users. Some of the exposed users include celebrities and companies.

A HackerOne forum user called “zhirinovskiy” posted the vulnerability’s details on the messages boards, saying that “this is a serious threat.” He explained that it could lead to the discovery of users who restricted their profiles and that any hacker with “basic knowledge of scripting” could access the data.

According to the digital privacy advocacy group RestorePrivacy, “Twitter has since patched the vulnerability,” but it still leaves users at risk of identity theft. The platform also rewarded “zhirinovskiy” with $5,040 for the vulnerability’s discovery.

In a statement, Twitter said after it was made aware of the problem, it “immediately investigated thoroughly and fixed the vulnerability.”

What you can do about it

Whenever a data breach occurs, there are a few things you can do to try and stay protected. Here are a few suggestions:

  • Immediately change your login details, such as your password or username. This is the best defense against a data breach.
  • Use unique, complex passwords for every online account that hackers can’t easily guess. Try using a password manager to create and store your details.
  • Where offered, use two-factor authentication (2FA). This adds another layer of protection where you must authenticate your login through a secondary device. Tap or click here for more details on 2FA.
  • Watch for phishing emails claiming to have details on Twitter’s data breach. Clicking links or downloading attachments from unsolicited emails could infect your device with malware or cause other cybersecurity problems.
  • Check whether your details have been exposed by entering your email address into haveibeenpwned.com. The site will let you know when and where your details were leaked.
  • If the breach involves a bank, keep a close eye on your account. Watch for any strange transactions or login attempts.

Through the stolen Twitter data, hackers can set up fake profiles with your details (over which you won’t have any control) and launch spam or phishing attacks on others.

Keep reading

Twitter shares your location when you tweet – Take this step now

Check out these headlines reacting to Elon Musk’s purchase of Twitter

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started