A zero-day API vulnerability was used by a threat actor to compile a database of user information. That vulnerability was fixed, Twitter said, in January, 2022. However, Bleeping Computer has reported that the database, which includes non-public information of more than 5 million users, has now been shared for free within a breached data marketplace forum. The publication also reports that another database, potentially containing 17 million records, created using the same vulnerability also exists. Here’s what we know so far.