About two weeks ago, a Twitter security breach led to the leak of information on 5.4 million Twitter users. The leaked records for the 5.4 million accounts include the Twitter IDs associated with them. Users’ phone numbers and email information were sold on a hacking forum for $30,000. Today, Twitter officially confirmed that the attack occurred and that the 0-day vulnerability has been patched.
According to Twitter officials, the company was informed of the vulnerability through its bug bounty program on HackerOne as early as January this year. The vulnerability, however, had emerged following an update to its code in June 2021. While the issue was resolved earlier this year, Twitter did not consider one important possibility: the company says it did not think that the attackers already had the data.
According to previous reports, a total of 5,485,636 Twitter accounts had personal data stolen, including mobile phone numbers, locations, URLs, profile pictures and other data. Twitter said it was notifying every affected user, but officials could not fully confirm which accounts were exposed due to the security breach. Additionally, while passwords were not part of the data breach, Twitter advised users to turn on two-factor authentication for their accounts.
Twitter data breach: Contact details of 5.4 million accounts leak
Restore Privacy reports that the Twitter data breach likely stemmed from a security flaw discovered in January. The hacker forum owner verified the authenticity of the attack. Restore Privacy also checked the data, confirming that it corresponds to Twitter users. When Restore Privacy contacted the seller, they were told the price of the database was $30,000.
The attackers likely started from an existing database of phone numbers and email addresses obtained through breaches of other services. They then used those details to search for the corresponding Twitter IDs, the report said. At present, there is no way to check whether your account is among those leaked. Furthermore, we cannot tell whether the official alert from Twitter to these users is available.