The massive Twitter data breach is real. Here is a small offer of proof. There is data from entire countries in the data set.
@chadloder
Do you have a link to a legible list, please, Chad?
@Marypgkeating I would never release people's private contact information.
@chadloder What kind of data did they access? I read name, phone number, and Twitter handle, but in this screenshot I see text that looks like parts of conversations.
@nephryn Phone number, verified (true/false), account name, account bio. Tens of millions, perhaps over 100M
@chadloder Okay. Thank you. The reasons not to return to the bird app really do pile up.. 🤦‍♀️🙄
@chadloder @nephryn well, crap. That wasn't the number that would be easy to change. 🤬
@chadloder @nephryn This is why I never give them any of this info.
#YellingIntoTheVoid
@juliewebgirl @chadloder @nephryn Presumably they have either the email address or phone number you used to set up the account. Combined with tweets you sent or read, that would have huge value to marketers and probably hackers.
@Cranky_Tony @chadloder @nephryn
Yeah, my point is that people hand over their info when asked on a sign-up form way too easily and don't actually read nor look for the "skip" button nor have throwaway emails, etc., then are outraged later.
@chadloder @nephryn so that's likely to be all the active users at that time then?

@ozwobbly @chadloder @nephryn

If you didn't turn on the permission that lets people find you with your phone number, you might be okay. It sounds like that was the service that was abused to create this exposure of personal information.

@skry @chadloder @nephryn what if I use a phone number for MFA?
@skry @ozwobbly @chadloder @nephryn suggestion here that this option “seems to be on by default” https://9to5mac.com/2022/11/25/massive-twitter-data-breach/amp/
Massive Twitter data breach was far worse than reported, reveal security researchers

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources. It had […]

9to5Mac

@gurubob @skry @chadloder @nephryn

I had it turned off because I'm usually careful about these things, but I'm a little worried that Twitter would use the same dataset for this as MFA.

@ozwobbly @chadloder @nephryn Just TFG had 80M followers. There must be hundreds of millions.
@chadloder @nephryn Do you know of any services which can confirm the precise data that was leaked for one's *own* account (after proving ownership of that account—like posting from account or emailing from a leaked address?).
@chadloder any practical way to get this into https://haveibeenpwned.com ?
Have I Been Pwned: Check if your email address has been exposed in a data breach

Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.

Have I Been Pwned
@chadloder and sorry just realized you’re here @troyhunt , would have tagged.
@dplattsf @chadloder
+1
This needs to be haveibeenpwned…
(unfortunately)
@chadloder god that’s so scary looking
@chadloder could you check for number +48?
@chadloder Oh fuck, I'm out of the loop, do I need to be scared?
Any actions you'd recommend to secure my account or anything?
@Zeitless @chadloder was last year as far as I know. But it turns out it was far worse than initially reported.
@Zeitless @chadloder actions depend on what's critical to you. The email and phone number were leaked, perhaps more (don't know. I don't have the data but assume the worst: password in salted form, DMs etc.)

Action: On all platforms change your password if you reuse the password you are using on Twitter. You shouldn't do that regardless of the breach.
@chadloder Did you have a news article or something to get a base on?
When I see this kind of news, I always search for the source before.
Twitter accused of covering up data breach

The allegations came from a cybersecurity expert and Twitter user who has since been suspended by the platform

Cyber Security Hub
@chadloder FYI pixelation on text is not ideal for censoring (might be acceptable in these pics because text is already blurred and boxes are large - but that's no guarantee* for safety). When boxes are small then the exact tone of each box reveals too much about the possible letters via revealing exactly how many pixels are filled in by the letters.

@chadloder I wonder if this is in any way related to when phone based 2FA went away.

Occam’s razor is of course that Elmo is an idiot and the service is not well fed and watered, but still made me wonder.

@chadloder oh, late 2021…. Should have read more, oops
@chadloder And that’s what foreign adversaries want, and have paid for via their conduit, Eon Tusk.
@chadloder I wonder if reporting ToS violations by Twitter to the Google Play store will help, but I took a shot. Thanks for getting this out. Stay safe

@chadloder

Maybe that's where all those recent spam calls are coming from

@chadloder @bootsqueak ok, how likely is this to end with regulatory agencies? Europe has far more teeth…
@chadloder have you shared this with @haveibeenpwned ?
@jonne @chadloder @haveibeenpwned doesn’t look like Troy’s been on here for a while…
@jonne @chadloder @haveibeenpwned @troyhunt is here though, and I’m sure he’ll be looking to add this to hibp soon…
@chadloder You can see phone numbers connected to the account?
@chadloder hot damn, think musk knew before he bought twitter?
@chadloder Does the data include Australian telephone numbers? They would begin with +61.
@Watershedd No, not that I saw. But I have not seen the full data set.