Free for Hackers – Over 5.4 million Twitter users’ stolen private data available on the dark web
Confirmed by multiple users and BleepingComputer.com, over 5.4 million users’ Twitter account data has been shared for free on the dark web.
The original hack, which exploited a zero-day API vulnerability, was in August of 2022. See: "Twitter confirms zero-day used to expose data of 5.4 million accounts" (bleepingcomputer.com)
Source: BleepingComputer
Twitter confirmed at the time that it had indeed been breached and reported that the vulnerability had been patched. However, the data was still put up for sale on the dark web.
“In January 2022, we received a report through our bug bounty program of a vulnerability that allowed someone to identify the email or phone number associated with an account or, if they knew a person’s email or phone number, they could identify their Twitter account, if one existed… This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter stated.
The data was originally put up for sale in August of this year for $30,000; the listing has now been updated to make it available completely free on the hacking forums.
The data includes user IDs, full personal names, verified status, locations, follower counts, descriptions, account creation dates, URLs, friends counts, favorites counts, profile image URLs, and more.
Chad Loder: “The massive Twitter data breac…” – kolektiva.social
Chad Loder sharing news of the larger breach on Mastodon
Source: BleepingComputer
Analysts have verified the personal information and phone numbers, confirming that the data is in fact real. According to some further research, the true number could be closer to 17 million records, released by hackers using the same vulnerability to gain access.
Analysts are warning that this data can be used for social engineering and targeted phishing attacks against victims. The data may also be used by hackers to gain access to accounts through Twitter by verifying users’ private data.
Don’t assume it can’t happen to you, only to fall victim to a data breach or cybersecurity risk. We at Motiva Networks can help you make a plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment.