A Twitter security flaw discovered in early 2022 was used to recover the account data of 5.4 million users, and the hacker is offering the package on the market for $30,000.
While Twitter was recently turned upside down by the takeover bid from Elon Musk, who ultimately withdrew his offer before the American company sued him, the social network is now facing a major data breach. A Twitter security flaw has allowed hackers to access the personal data of 5.4 million accounts.
The data, which includes Twitter handles, phone numbers and addresses, was for sale on a hacking forum for $30,000. The asking price is therefore not very high. Earlier this year, the data of one million French people went on sale for $6,000. Other hackers had even managed to steal the personal data of a billion Chinese residents, and this had been offered for only $200,000.
The security flaw that the hackers used had been known since the beginning of the year
Restore Privacy said in a post that the data breach was made possible by a Twitter security flaw discovered last January. At the time, the HackerOne site reported a bug that allowed an attacker to obtain a Twitter member's phone number and/or email address, even though they had hidden those fields in the privacy settings of their account.
The bug is said to have originated from the authorization process used in Twitter's Android client, specifically in the process of verifying duplicate Twitter accounts. In the post, the user also explained how the flaw could be reproduced. Twitter eventually acknowledged the vulnerability as a "legitimate security issue" and offered a $5,040 reward to the HackerOne researcher as part of its Bug Bounty program.
Luckily for users, the database for sale does not seem to include passwords. Be that as it may, we remind you that your personal data travels everywhere on the Web every day, and is put up for auction about 376 times a day on average.
Source: Restore Privacy