Last year’s massive Twitter data breach, which exposed more than five million phone numbers and email addresses, was worse than initially reported. We have been shown evidence that the same vulnerability has been exploited by several bad actors, and the compromised data has been offered for sale on the dark web by several sources.
It was previously believed that only one hacker had gained access to the data, and Twitter’s belated acknowledgement reinforced that impression.
First reported on HackerOne in January, the vulnerability allowed anyone to submit a phone number or email address and retrieve the associated Twitter ID. This is an internal identifier used by Twitter, but it can easily be mapped to the corresponding Twitter account.
This allowed a bad actor to compile a single database linking Twitter handles, email addresses, and phone numbers.
At the time, Twitter acknowledged the existence of the vulnerability, which was later patched, but said nothing about anyone having exploited it.
RestorePrivacy later reported that a hacker had already used the vulnerability to obtain personal data from millions of accounts.
A verified Twitter vulnerability from January was exploited by a threat actor to allegedly obtain account data from 5.4 million users. While Twitter has since patched the vulnerability, the alleged database from this exploit is now being sold on a popular hacking forum, posted earlier today.
Twitter later confirmed the hack.
In July 2022, we learned through a press report that someone had potentially taken advantage of this and was offering to sell the information they had compiled. After reviewing a sample of the data available for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.
Twitter’s massive data breach is plural, not singular
There were suggestions on Twitter yesterday that the same personal data had been accessed by multiple bad actors, not just one. 9to5Mac has now seen evidence that this is indeed the case. We were shown a dataset containing the same information in a different format, which a security researcher said was “definitely a different threat”. The source told us this was just one of a number of files they had seen.
The data includes Twitter users in the United Kingdom, nearly every country in the European Union, and parts of the United States.
I’ve got multiple files, one file for each phone number country code, that contains the phone number <-> Twitter account name association for entire country phone number space from +XX 0000 to +XX 9999.
The dataset shows which Twitter accounts had the Discoverability | Phone option enabled as of late 2021.
The option referenced here is a setting buried deep within Twitter’s settings, and it appears to be on by default. Here is a direct link.
The bad actors are believed to have been able to download around 500,000 records per hour, and the data has been offered for sale by multiple sources on the dark web for around $5,000.
The security expert who tweeted about it has been suspended
Another security expert tweeted about the issue yesterday and had his Twitter account suspended the same day. Internationally recognized computer security expert Chad Loder expected a reaction from Twitter, and it was confirmed within minutes.
They told me that many hackers obtained the same data and combined it with data obtained from other breaches.
There appear to be multiple threat actors, operating independently, collecting this data throughout 2021 for both phone numbers and emails.
The email-Twitter associations were derived by running large existing databases of over 100 million email addresses through this Twitter discovery vulnerability.
We’ve been reaching out to Twitter for comment, but Musk fired his entire media relations team, so…