On Twitter, a data breach allowed hackers to intercept the contact details of 5.4 million users. The database was sold on a hacker forum for $30,000.
Twitter is not immune to security breaches. Recently discovered in January, the vulnerability was exploited by attackers. If the bug has since been fixed by Twitter, the hackers managed to get the contact details of 5.4 million accounts. A large database that was later put up for sale on the Breached Forums hacker forum.
This vulnerability allowed an attacker to obtain the phone number and/or email address associated with Twitter accounts. Even if the user has hidden these fields in the privacy settings. On the forum, a publication with a proposal to buy the base was posted by a certain “devil”. The latter certifies that its file contains data about celebrities, companies, organizations, etc.
Read > Twitter leaked location data of iOS users
Twitter: celebrity IDs in the database
In response to a Restore Privacy request, the seller stated that he wanted to sell the database for “at least $30,000”. And to explain that he fell into his hands because of “Twitter’s incompetence.” HackerOne forum user “Zhirinovsky” who originally reported the bug thought it was a “serious threat” at the time because attackers could create databases that associate a username with a phone number and email address.
And then sell them to attackers for advertising purposes or to target celebrities. Subsequently, Twitter awarded “Zhirinovsky” a reward of $5,040 for his discovery, which allowed the social network to solve the problem. And months later, it becomes clear that the whistleblower’s fears have materialized.
There is currently no way to know if your Twitter account has been affected by this data breach, obviously it is not possible to pay the requested amount. Therefore, be especially vigilant against phishing attacks. Golden Rule: Do not open any links sent by email or text message from a questionable source.
Source: Restore Pivacy