There is a possibility that 5.4 million users of Twitter may have their account data on the platform compromised, taking into account a recent security breach that would have been discovered about it.
According to the RestorePrivacy portal, a vulnerability on the Twitter platform, which would have been discovered in January of this year, will have been used to collect information from almost 5.4 million Twitter accounts, and this data is now on sale at Dark Web.
The vulnerability was reported to Twitter by the HackerOne platform in January, and it allowed attackers to acquire the phone number and email associated with virtually any account on the platform. This applies even to accounts that would have indicated to hide this data from public format.
The failure would be related to the Twitter application for Android, and the way it performed the validation of login data on the service. The flaw was reported by the user “zhirinovskiy”, on the 1st of January, classifying it as quite serious if in the wrong hands.
Among the description of the flaw is the possibility that the attackers could create a database with millions of accounts and sensitive data of Twitter users, virtually any account.
A few days later, Twitter will have validated the failure, and rewarded zhirinovskiy with a prize of 5040 dollars, also indicating that the resolution of the problem was being worked on. However, it looks like the bug fix didn't come in time to prevent the worst.
BUT: Twitter loses money and points the finger at Elon Musk
Recently, a Twitter database was placed on a dark web portal, containing 5.4 million accounts on the platform and information related to them. The leak indicates that among the data collected is the account username, email and phone number – that is, basically the information that would be accessed by exploiting the previous flaw.
The author of the leak claims that there are accounts of various personalities and accounts of interest. The data that was shared by the author of the leak to some sources also validate that the data is actually real.
The creator of the leak is selling this database for US$30.000, and details are still unknown as to whether it has even been sold to any entity.
Twitter has already confirmed that it is investigating the failure, analyzing the stolen data, but the investigation may still take some time to bring concrete results.
