Over 5.4 million Twitter users have reportedly been targeted in a major breach of personal data following revelations earlier this year that the site had a serious security flaw.
The security flaw came to light in January, when a user on HackerOne named “zhirinovskiy” pointed out that Twitter was vulnerable to hackers seeking to use information for malicious purposes.
At the time, Zhirinovskiy detailed exactly how to exploit the bug and described it as a “serious threat” even in the hands of those with only a “basic knowledge” of scripting and coding.
Twitter acknowledged the problem five days later and appeared to have fixed the problem a week after that, when it rewarded Zhirinovskiy with a $5,040 bounty for bringing the vulnerability to its attention.
A seller with the username ‘devil’ claims that “Celebrities, to Companies, randoms, OGs, etc” are included in the data set and is asking for at least $30,000, RestorePrivacy says.
A spokesperson from Twitter told Fortune: “We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability.”
The spokesperson added that Twitter was “reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”
