Last year's large-scale Twitter data breach, which exposed over 5 million phone numbers and email addresses, was worse than first reported. We have been shown evidence that the same security vulnerability was exploited by multiple malicious actors, and the hacked data is being sold on the dark web by multiple sources.
It was previously thought that only one hacker had gained access to the data, and Twitter's belated admission reinforced this impression…
HackerOne first reported the vulnerability in January. It allowed anyone to enter a phone number or email address and find the associated Twitter ID. This is an internal identifier used by Twitter, but it can easily be converted to a Twitter handle.
A malicious actor could use this to build a single database combining Twitter handles, email addresses, and phone numbers.
At the time, Twitter acknowledged that the vulnerability had existed and had since been patched, but said nothing about anyone having exploited it.
A Twitter vulnerability discovered in January was allegedly exploited by attackers to obtain account data from 5.4 million users. Twitter has since patched the vulnerability, but the database allegedly obtained through this exploit is now being sold on a popular hacking forum, in a post made today.
Twitter has since confirmed the hack.
In July 2022, I learned through the press that someone may have taken advantage of this and offered to sell the edited information. After reviewing a sample of the data for sale, it was confirmed that malicious actors were exploiting the issue before it was resolved.
Massive Twitter Data Breach, Plural, Not Singular
There was a suggestion on Twitter yesterday that the same personal data had been accessed by multiple malicious actors, not just one. 9to5Mac has now seen evidence that this is the case. We were shown a data set containing the same information in a different format, which a security researcher said was from "clearly another threat actor." Sources said this was just one of many files they had seen.
Data includes Twitter users in the UK, most EU member states, and some US users.
We got multiple files, one for each phone number country code, containing phone number <-> Twitter account name pairs for the national phone number space from +XX 0000 to +XX 9999.
All Twitter accounts that had the discoverability | phone option enabled in late 2021 were listed in the dataset.
The option mentioned here is a setting hidden fairly deep within Twitter's settings and appears to be on by default.
Malicious actors are believed to have been able to download about 500,000 records per hour, and that data is being sold on the dark web from multiple sources for about $5,000.
The account of the security expert who tweeted about it has been suspended
Another security specialist who tweeted about the issue yesterday had his Twitter account suspended the same day. Internationally recognized computer security expert Chad Loder predicted Twitter's reaction and was proven right within minutes.
They told me that multiple hackers obtained the same data and combined it with data from other breaches.
Multiple threat actors appear to be operating independently, collecting this data for both phone numbers and email throughout 2021.
The combination of email and Twitter was derived by running an existing large database of over 100 million email addresses through this Twitter discoverability vulnerability.
We reached out to Twitter for comment, but since Musk has laid off his entire media relations team…