During early 2022, a Twitter security vulnerability was discovered which is used to cull the account details of 5.4 million users.
Twitter Hacked Data Available For Sale
Now, the hacker is offering this stolen data for sale for $30,000, as per a new report.
Further, a hack of 5.4 million users is small compared to the 478 million T-Mobile customers affected in August 2021, according to AppleInsider.
If we compare further, the data is even smaller compared to the 70 million users of AT&T which were affected later in the same month.
Still, the hacked data now on sale comes from a vulnerability that was reported in January 2022, as per the information provided by Restore Privacy.
Valid Security Breach
The issue was acknowledged by the microblogging site as a valid security breach.
The company even paid the discoverer, “zhirinovskiy”, a $5,040 bounty.
Sven Taylor of Restore Privacy further said, “Exactly as the HackerOne user zhirinovskiy described in the initial report in January, a threat actor is now selling the data allegedly acquired from this vulnerability,”.
Adding, “The post is still live now with the Twitter database allegedly consisting of 5.4 million users being for sale.”
Taylor said that they have reached out to the seller of this database to gather additional information.
But, “the seller is asking for at least $30,000 for the database, which is now available due to ‘Twitter’s incompetence,’ according to the seller.”
Besides this, the seller has also posted regarding the data on the site Breach Forums.
Authenticity Of The Leak
It is confirmed that the forum’s owner has verified the authenticity of the leak, said Restore Privacy.
The Breach Forums posting also include A sample of the data available for reference.
This data show publicly available Twitter profile information alongside phone numbers and/or email addresses used for logging in.
Interestingly, the data does not appear to include passwords.
Although it happens to include email addresses that could be used with Twitter’s “Forgot Password” feature, a bad actor would have to separately have access to that email account’s login password.
Comments are closed, but trackbacks and pingbacks are open.