Throughout November, we’ve shared updates around Twitter’s rapid change and uncertain future. This week, Bleeping Computer reported that the records of 5.4+ million Twitter users have been shared for free on a deep web forum known for brokering stolen credentials. These records were the result of a zero-day vulnerability confirmed by Twitter on August 5, 2022 and do not represent a net new breach; According to Twitter, the vulnerability was fixed in January 2022.
The actors who shared the data on the criminal underground claimed it is available to download the data free of charge, as of this writing. According to our Dark Ops operatives, the adversary sharing these stolen records is highly regarded within this community of underground data brokers and does not have a history of trafficking in false claims.
The wide release of these credentials could lead to an increase in social engineering tactics like phishing attacks. Be mindful of any communications relying on a sense of urgency or risk, particularly those that could exploit topics of interest such as Twitter vulnerabilities and/or Twitter’s verification status. We will continue to monitor the situation and will provide additional relevant updates as our team ingests the data and as developments unfold. As always, please stay vigilant to keep your organization, assets, and data protected.