On Twitter, a data breach allowed hackers to intercept the contact details of 5.4 million users. A database sold for $30,000 on a hacker forum.
Twitter is not immune to security breaches. Recently, a vulnerability spotted in January was exploited by malicious individuals. If the flaw has since been corrected by Twitter, hackers have managed to get their hands on the contact details of 5.4 million accounts. A large database that was later put up for sale on the Breached Forums hacking forum.
This flaw allowed an attacker to obtain the phone number and/or email address associated with Twitter accounts. Even if the user had hidden these fields in the privacy settings. On the forum, the publication proposing to buy the database was posted by a certain “devil”. The latter certifies that his file includes data from celebrities, companies, organizations, etc.
Read > Twitter leaked location data of iOS users
Twitter: celebrity identifiers in the database
Contacted by Restore Privacy, the seller specifies that he wants to sell the database “not less than $30,000”. And to explain that it fell into his hands because of “Twitter’s incompetence”. HackerOne forum user “zhirinovskiy” reported the bug at the time, believing it to be a “serious threat” attackers can create databases linking username with phone number and email.
And then sell them to malicious people for advertising purposes or to target celebrities. Subsequently, Twitter awarded a $5,040 bounty to “zhirinovskiy” for his find, which allowed the social network to solve the problem. And months later, it is clear that the fears of the whistleblower have materialized.
There is currently no way to know if your Twitter account has been affected by this data breach, paying the requested amount is obviously not an option. Therefore, be particularly vigilant against phishing attacks. Golden rule: do not open any link sent in an e-mail or a text message from a questionable source.
Source: Restore Pivacy