Twitter users warned to change passwords after 7 million people hit by data leak

If you've got a Twitter account, it might be a good time to change your passwords.

According to cybersecurity experts, around 5.4 million user records containing data such as passwords, emails, phone numbers, and more have been stolen from Twitter and are being openly shared online.

BleepingComputer reports that Twitter confirmed it had suffered a data breach. This includes not just the 5.4 million user records leaked publicly but information from an additional 1.4m suspended Twitter profiles, reportedly circulated 'privately' among a few people.

Cybercriminals were able to exploit a simple flaw in Twitter's interface and steal the data from 5,485,635 users, which was then leaked on a hacker forum.

They did this using a feature which allowed anyone to find any Twitter accounts associated with a specific phone number or email address.

While the flaw was updated in August, it appears that this data is still out there in the open, with one Twitter user sharing it on a hacker forum as recently as November 24.

This was verified by cybersecurity expert Chad Loder, who told 9to5Mac there are 'multiple threat actors, operating independently' to target the UK, parts of the EU, and the US. Loder posted proof of this to his Mastodon profile.

In a statement in August, Twitter described the hack as "an incident impacting some accounts and private information on Twitter". They encouraged users to enable two-factor authentication on their accounts while claiming that no passwords were compromised.

Additional Gizmodo reporting suggests that passwords were compromised, but this could not be verified by the Daily Star at the time of writing.

Whether passwords were leaked or not, what it means is that, if you had a Twitter account towards the end of 2021, your data could be at risk.

It could be used to send you phishing scams, which attempt to swindle you out of your money or login details.

To avoid this, there are a few steps you can take.

If you use the same password on Twitter as on other platforms (such as Facebook, Instagram, or your email), it's probably a good idea to change all of those passwords immediately. As a general rule, it is not safe to use the same password on different websites.

Enabling two-factor authentication on as many platforms as possible will also provide an additional layer of security.
