That shouldn’t help Twitter’s business. Personal information relating to millions of registered accounts on the social network has recently been discovered. Chad Loder, a cybersecurity specialist, called out the social network, showing that a data security breach dating back to 2021 allowed malicious hackers to get their hands on a good deal of personal data, including phone numbers linked to certain Twitter accounts.
An old security hole
The flaw that allowed this data to be exported had been known for many months and it had already made headlines in July 2022 when personal information on 5.4 million Twitter accounts was sold for $30,000 on a forum. At the time, a flaw in Twitter’s programming interface was reported that allowed for this massive hack. But while we thought the flaw was quickly fixed, it turned out to be much more serious than expected.
At least one other malicious hacker, other than the one who sold the data last July, managed to exploit this flaw and extract millions of phone numbers. According to Bleeping Computer, which has accessed part of the data, it contains at least 1.3 million French telephone numbers. Chad Loder, who first shared his discovery on Twitter before seeing his account suspended by moderation teams, explains that most people who have the “allow people who have your phone number to find you on Twitter” option turned on are affected by the flaw.
New controversy on Twitter
“From what I could verify, the leaked Twitter data covers, at a minimum, phone numbers for several country codes in the EU and some area codes in the US. The dataset includes verified accounts, celebrities, prominent politicians, and government agencies”, clarified the IT security specialist. On Mastodon, Chad Loder shared a screenshot showing rows and rows of +33 (the French country code) phone numbers linked to Twitter accounts.
While the flaw and the data exploitation technically occurred before Elon Musk’s takeover of Twitter, this discovery isn’t likely to help the South African entrepreneur’s business. The suspension of Chad Loder’s Twitter account shows that the subject is particularly sensitive at a time when the site is losing numerous teams responsible for site security. This leak echoes statements by Peter “Mudge” Zatko, who recently questioned the site’s security, and could very well affect its new owner as well.