Twitter is looking into the possibility that data from a breach are now being posted on the dark web. Restore Privacy traces the incident to reports in HackerOne back in January of a breach that had the potential of exposing user information even when that information was hidden in privacy settings. Twitter closed the vulnerability and paid the researcher who reported it a bug bounty. But it appears possible that the vulnerability has been exploited to collect a very large tranche of user data. Restore Privacy says that at least some of the data released as a teaser are authentic, and that the criminal who holds them (nom-de-hack "devil") is offering the database for sale. Bidding starts at $30 thousand.