Indeed, the data was available in the summer.
Quote:
It was gathered that user data was first posted on a hacking forum with a $30,000 price tag in July, but the recent sale offered this information for free, according to Bleeping Computer.
|
It was obtained using an API bug that was patched in Jan 2022.
Quote:
Twitter confirmed in August that bad actors took advantage of the vulnerability but patched the flaw in January 2022.
|
There is no evidence they obtained "bank or credit card details".
In fact, they already had peoples information, this flaw just allowed them to get a twitter id.
(So no email address and phone numbers were stolen either).
Quote:
[it allowed] people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID
|