Data of 5.4 Million Twitter Users Leaked, Offered by Hackers for USD 30,000


A listing on a hacker forum offered leaked data on 5.4 million Twitter users for USD 30,000. Worryingly, the data being peddled contains users' phone numbers and email addresses.

Restore Privacy says the hacked data now for sale stems from a vulnerability that was reported in January 2022. In brief, the HackerOne report uncovered a bug that allowed hackers to obtain a Twitter user's phone number and/or email address, even if the user had hidden them via privacy settings.


"Exactly as HackerOne user zhirinovskiy described in a preliminary report in January, threat actors are now selling data allegedly obtained from this vulnerability," said Sven Taylor of Restore Privacy. "The post is still active today with Twitter's database of suspected 5.4 million users being sold."


"The seller on the hacking forum used the username 'devil'," Taylor continued, "and claimed that the data set included 'Celebrities, to Companies, random people, OGs, etc.'"


"We are contacting the seller of this database to gather additional information," Taylor said. "Seller requested at least USD 30,000 for the database, which is now available due to 'Twitter incompetence,' according to seller."




In response to this report, Twitter said it was investigating the authenticity of some of the information linked to the 5.4 million accounts sold on the hacking forum.


"We received a report of this incident several months ago through our bug bounty program, immediately thoroughly investigated and fixed the vulnerability. As always, we are committed to protecting the privacy and security of people who use Twitter," a Twitter spokesperson told The Record.


"We thank the security community involved in our bug bounty program for helping us identify potential vulnerabilities like this. We are reviewing the latest data to verify the authenticity of claims and ensure the security of the account in question."


Twitter did not respond to a request for comment on what it would do to the account in question after they confirmed that the database had legitimate information.
