Science

An old security flaw is haunting Elon Musk’s Twitter again

This should not help Twitter’s business. Recently, personal information regarding millions of accounts registered on the social network has been discovered. Chad Loder, a cybersecurity specialist, singled out the social network by proving that a data security vulnerability that emerged in 2021 allowed attackers to get their hands on a large amount of personal data, including phone numbers associated with certain Twitter accounts.

An old security flaw

The vulnerability that allowed this data to be exported has been known for many months and already made headlines in July 2022, when the personal information of 5.4 million Twitter accounts was sold on a forum for $30,000. At the time, it was pointed out that a bug in the Twitter API allowed this massive hack. But while we thought that the flaw was quickly fixed, it turned out to be much more serious than expected.

Featured item:

At least one other malicious hacker – in addition to the one who sold the data last July – managed to exploit this vulnerability and extract millions of phone numbers. According to Bleeping Computer, which had access to some of the data, the leak contains at least 1.3 million French phone numbers. Chad Loder, who first shared his discovery on Twitter before his account was banned by moderators, explains that most people who activate the “allow people who have your phone number to find you on Twitter” option are susceptible to this vulnerability.

New scandal on twitter

“From what I have been able to verify, the hacked Twitter data covers, at a minimum, phone numbers for several country codes in the EU and some area codes in the US. The data set includes verified accounts, celebrities, prominent politicians, and the government. agencies,” the cybersecurity specialist said. On Mastodon, Chad Loder shared a screenshot showing strings and strings of +33 (French area code) phone numbers associated with Twitter accounts.

If technically the error and data exploitation took place prior to Elon Musk’s takeover of Twitter, this discovery is unlikely to help the South African businessman’s business. The suspension of Chad Loder’s Twitter account shows that this topic is particularly relevant at a time when the site is in the process of losing numerous teams responsible for the site’s security. This leak echoes the claims of Piotr “Maj” Zatko, who recently questioned the site’s security and could well splash its new owner as well.

Ads, your content continues below

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.