Earlier this year, Twitter confirmed that an API vulnerability had caused a massive data leak containing non-public information for over 5.4 million Twitter users.

Twitter denied claims that hackers had leaked the private information priorly. However, Pompompurin, the owner of the hacking forum Breached, stated they were responsible for exploiting the API bug and platforming the data after another hacker shared the vulnerability with them.

The stolen data includes public information like Twitter IDs, account names, logins, locations, and verified status.  In addition, private information like phone numbers and email addresses have also been exposed. Fraudulent activities such as phishing could be carried out using this information.

In addition to the breach of the 5.4 million active accounts, private information for roughly 1.4 million suspended Twitter profiles were also shared using the same API bug. While the extent of the data breach is not fully known, security expert Chad Loder stated that information for “tens of millions” of Twitter users might have been collected using the same API bug.

To keep yourself safe, disregard emails claiming to be from Twitter that state your account is suspended. In addition, be skeptical of emails about issues logging in or the account is about to lose its verified status. These emails are probably attempting to phish for your private information to use in fraudulent activities.