This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. HackerOne covered the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. The privacy site contacted the seller, and was told the price of the database was $30,000. It includes people from around the world, with public profile information as well as the Twitter user’s email or phone number used with the account.Īll samples we looked at match up with real-world people that can be easily verified with public profiles on Twitter.
#APPLE SECURITY BREACH JUNE 2021 VERIFICATION#
We downloaded the sample database for verification and analysis. The owner of the hacking forum verified the authenticity of the attack, and Restore Privacy also says that two samples of the database check out.
The seller on the hacking forum goes by the username “devil” and claims that the dataset includes “Celebrities, to Companies, randoms, OGs, etc.” The post is still live now with the Twitter database allegedly consisting of 5.4 million users being for sale. Earlier today we noticed a new user selling the Twitter database on Breached Forums, the famous hacking forum that gained international attention earlier this month with a data breach exposing over 1 billion Chinese residents. While Twitter has since patched the vulnerability, the database allegedly acquired from this exploit is now being sold on a popular hacking forum, posted earlier today.īack in January, a report was made on HackerOne of a vulnerability that allows an attacker to acquire the phone number and/or email address associated with Twitter accounts, even if the user has hidden these fields in the privacy settings Ī threat actor is now selling the data allegedly acquired from this vulnerability. Restore Privacy reports that the breach was made possible by a vulnerability discovered back in January.Ī verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. The data – which ties Twitter handles to phone numbers and email addresses – has been offered for sale on a hacking forum, for $30,000 …
Twitter has confirmed the security vulnerability which allowed the data to be extracted. See statement at the end of the piece.Ī Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Update: Twitter has rather belatedly confirmed that a hacker was able to expose the account details, though the company has not commented on the 5.4M number.
0 kommentar(er)
