Twitter confirms vulnerability resulted in over 5 million accounts exposed

Twitter confirms vulnerability resulted in over 5 million accounts exposed
Twitter released a statement on Friday confirming that a vulnerability they had patched earlier this year was, in fact, used in a malicious attack to collect user data.

The company was forced to come clean after media reports about hacked account details surfaced on the web. According to Twitter, the company became aware of the problem in January 2022 via the company's bug bounty program. The bug had been in the code since June 2022 and was quickly fixed.



Now, the actual vulnerability and the exploit of it has to do with a form that provides the Twitter ID associated with the submitted phone number or email address. This shouldn't be publicly available, and according to a HackerOne report to Twitter, this happened even when the user had explicitly prohibited this action in the Twitter privacy settings.

This was abused to create lists consisting of Twitter IDs, phone numbers, and email addresses.

Last month Restore Privacy reported that over 5 million Twitter accounts were exposed by a hacker that was selling the database with Twitter IDs, phone numbers, and email addresses. For $30,000, the hacker by the name of "devil" claimed, you could receive information about "Celebrities, Companies, randoms, OGs, etc."



Twitter contends that there were no signs of abuse at the time of learning about the vulnerability in January 2022. While this might be possible, it seems odd that they couldn't detect any wrongdoing with an attack that likely just included a brute force-like guessing of email addresses and phone numbers, and managing to score 5.4 million account details.

Twitter has confirmed that the hacker's leaked data was retrieved using the vulnerability in question.

However, fortunately, the issue did not expose passwords and other more private information, but Twitter acknowledges that even email addresses and phone numbers attached to Twitter IDs are a grave violation of privacy. The company apologizes especially to the people that use pseudonyms, often for a very good reason, and might have been included in the more than 5 million accounts leaked.



Lastly, the company notes that if you are worried about the privacy of your phone number and email address, you might want to not add publicly known phone numbers or email addresses to the account. Furthermore, even though the hack didn't expose passwords or give access to the account itself, Twitter reminds us that having two-factor authentication enabled is good security practice.

Written by: Matti Robinson @ 8 Aug 2022 13:22
Tags
hacking Hacker vulnerability Twitter
Advertisement - News comments available below the ad
  • 4 comments
  • Frenco

    Twitter has confirmed that a suspected data breach in July led to account data being stolen. Twitter has confirmed that the phone numbers and email addresses from 5.4 million accounts have been stolen due to the zero-day vulnerability on the platform that was originally flagged in January 2022.

    frencoltd

    26.8.2022 02:37 #1

  • Frenco

    Nice put up. I truly like your content. It's inspiring and I absolutely like it. We are provide same services. Please go to my website. Frenco Ltd help Entrepreneurs who want to grow digitally, using modern sales channels and scale quickly worldwide. Our services includes Lead generation, A/B testing and rapid experimentation across SEO, SEM,Social media, and other marketing channels.<a href="https://frencoltd.com">FrencOltd</a>

    frencoltd

    29.8.2022 00:59 #2

  • Frenco

    Nice put up. I truly like your content. Its inspiring and I absolutely like it. We are provide same services. Please go to my website. Frenco Ltd help Entrepreneurs who want to grow digitally, using modern sales channels and scale quickly worldwide. Our services includes Lead generation, A/B testing and rapid experimentation across SEO, SEM,Social media, and other marketing channels. https://frencoltd.com/

    frencoltd

    29.8.2022 02:20 #3

  • Frenco

    Nice put up. I truly like your content. Its inspiring and I absolutely like it. We are provide same services. Please go to my website. Frenco Ltd help Entrepreneurs who want to grow digitally, using modern sales channels and scale quickly worldwide. Our services includes Lead generation, A/B testing and rapid experimentation across SEO, SEM,Social media, and other marketing channels. https://frencoltd.com/

    frencoltd

    31.8.2022 03:04 #4

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud