A seller by the nickname ‘devil’ has created a dark web database containing the personal information of 5.4 Twitter users’ data. The information is listed for sale on a popular criminal forum, according to security researchers. The seller claims to have exploited a vulnerability in Twitter systems reported in January, and Twitter is still investigating these claims. The database is currently up for grabs on the Breached Forums site for $30,000. The seller claims that the information included is phone numbers and email addresses, including that of celebrities and companies.

The hacker claims to have exploited a vulnerability first reported by a HackerOne user. The bug allowed an attacker to find a Twitter user’s phone number and email address, even if the user had them hidden in privacy settings. Twitter was able to fix the bug within five days, but it may have given attackers plenty of time to exploit it. The sale was first identified by RestorePrivacy. Twitter users have taken to the platform to complain that the company did not notify its users of the breach.

Read More: Cyber-Criminal Offers 5.4m Twitter Users’ Data