Twitter hacker touting the data of over 5.4 million users for $30,000
Over 5.4 million Twitter users have been targeted in a major breach of personal data following revelations earlier this year that the site had a serious security flaw. The security flaw came to light in January 2022, when a user on HackerOne named “zhirinovskiy” pointed out that Twitter was vulnerable to hackers seeking to use information for malicious purposes. At the time, Zhirinovskiy detailed exactly how to exploit the bug and described it as a “serious threat” even in the hands of those with only a “basic knowledge” of scripting and coding. Twitter acknowledged the problem five days later and appeared to have fixed the problem a week after that, when it rewarded Zhirinovskiy with a $5,040 bounty for bringing the vulnerability to its attention. Despite the fix, the phone numbers and email addresses of millions of users, including celebrities, companies, and day-to-day account holders or those with desirable handles, were breached and are now being sold via a post on a dark web site called Breached Forums. A seller with the username ‘devil’ claims that “Celebrities, to Companies, randoms, OGs, etc” are included in the data set and is asking for at least $30,000.
Read here
Next Steps:
Potentially affected users are encouraged to change their Twitter password.
Potentially affected users should be vigilant about unsolicited telephone calls, SMS messages or emails that inquire about your personal information.
Potentially affected users should be wary of suspicious requests that seek to gain further personal information.
Breach occurred on: Security flaw causing breach discovered in Jan 2022
Bob





