Over five million user accounts may have been compromised in Europe and the US, according to cybersecurity expert Chad Loder.
The researcher made the announcement on Twitter last week but subsequently had his account suspended. The posts are still available on the Wayback Machine, however, and Loder has also posted about them on his Mastodon account.
"I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in the EU and US. I have contacted a sample of the affected accounts, and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021," reads one of the Twitter posts.
According to Loder, the breach affected any Twitter account with the "Let others find you by your phone" option enabled in Discoverability settings.
"All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers," the security researcher wrote.
"From what I have confirmed, the breached Twitter data covers, at a minimum, the full phone number spaces for multiple country codes in the EU and some area codes in the US. The dataset includes verified accounts, celebrities, prominent politicians, and government agencies."
According to Loder, Ben Lovejoy reported a similar breach in August, but the data leaked in this one looks different.
"I compared this breached data to a sample from the data breach mentioned in the 2022 article. It is NOT the same data. Completely different format and different affected accounts. Likely multiple actors all exploiting the same vulnerabilities in 2021," Loder said.
Leaked data reportedly included Twitter IDs, names, login names, locations and verified status, alongside private information like phone numbers and email addresses.
"This breach showcases how quickly criminals move whenever there is a vulnerability, particularly in a large social media site," commented Javvad Malik, lead security awareness advocate at KnowBe4.
"With so much information disclosed, criminals could quite easily use it to launch convincing social engineering attacks against users."
According to the executive, such attacks could not only target users' Twitter accounts but also impersonate other services, such as online shopping sites, banks or even tax offices.
"Therefore, people should always remain on the lookout for any suspicious communications, especially where personal or sensitive information is requested, such as passwords. When in doubt, people should contact the alleged service provider directly or log onto their account directly," Malik said.
The alleged breach comes weeks after several of Twitter's C-level security and privacy executives resigned following the chaos that ensued from Elon Musk's acquisition of the social media platform.