A zero-day API vulnerability was used by a threat actor to compile a database of user information. That vulnerability was fixed, Twitter said, in January, 2022. However, Bleeping Computer has reported that the database, which includes non-public information of more than 5 million users, has now been shared for free within a breached data marketplace forum. The publication also reports that another database, potentially containing 17 million records, created using the same vulnerability also exists. Here’s what we know so far.
![](https://happygeek.com/wordpress/wp-content/uploads/2022/11/smartphone-586944_1280.jpg)