Twitter suffered a data breach incident after a threat actor compiled a list of 5.4 million user account profiles by exploiting a now-patched zero-day vulnerability that was used to link email addresses and phone numbers to users' accounts.
This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the related account ID.
The threat actor verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, location, profile picture URL, and other information, and sold the data for $30,000.
"id": "TWI0499822",
"linkid": "twitter",
"type": "Breach",
"date": "08/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"