A Twitter vulnerability has led to a hacker acquiring account data for 5.4 million users, and the stolen data, which is said to include email and phone numbers, is up for sale for at least $30,000.
As spotted by cybersecurity outlet RestorePrivacy, the threat actor acquired the dataset through a vulnerability in Twitter’s Android client that allowed attackers to find the email and phone numbers associated with accounts. As HackerOne reports, Twitter acknowledged this bug as a “legitimate safety concern” back in January, awarding user zhirinovskiy a $5,040 bounty for finding it, and the bug has since been patched.
However, the threat actor, known as “satan,” is said to have used this exploit to sell hundreds of thousands of users’ data, which is claimed to “vary from Celebrities, to Corporations, randoms, OGs, and so forth.” RestorePrivacy reached out to the seller, who claimed the database will be sold for at least $30,000.
On the hacking forum Breached Boards, the hacker posted a sample of the data, which analysts downloaded for verification. “It consists of folks from all over the world, with public profile info in addition to the Twitter user’s email or telephone number used with the account,” the report states. The samples also match real-world Twitter profiles.
How to avoid being hacked
Twitter is currently investigating the situation. While the database doesn’t include private credentials such as passwords, people can still use this data for phishing attacks to gain access to more private information. As user zhirinovskiy points out, it can be used to target celebrities in various malicious activities.
While it’s uncertain which users among the 5.4 million accounts in the database are vulnerable, it’s a good idea to make sure your online accounts are secured by using the best password managers around. This makes it difficult for threat actors to breach an account, even if they know other important details.
What’s more, if the data is used for malicious purposes, keep a lookout for suspicious emails asking you to enter login credentials such as your username and password. You only need to do this on Twitter’s website.
It’s not uncommon for data to be sold on dark web marketplaces. This year, the Dark Web Price Index 2022 shows the dark web market is growing, with sellers offering stolen credit card data, cryptocurrency accounts, hacked Gmail and Twitter accounts, and purchasable malware for significantly cheaper prices over the past year.