For Sale: 5.4m Twitter Users’ Data

Uploaded on 2022-08-02 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

A criminal using the pseudonym ‘devil’ has built a Dark Web database containing the personal information of 5.4 Twitter users’ data and has listed the information for sale on a criminal forum, according to security researchers. The user database is currently for sale on the Breached Forums website for $30,000. 

The seller says they have used a vulnerability in Twitter systems reported in January and also claims that the information included is phone numbers and email addresses, including that of celebrities and companies.

The hacker claims to have exploited a vulnerability first reported by a HackerOne user. The bug allowed an attacker to find a Twitter user’s phone number and email address, even if the user had them hidden in privacy settings. 

The attacker explained how to exploit the bug in their HackerOne report and Twitter removed the bug within five days, but even this may have given attackers a lot of time to take criminal advantage.  

"We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability... As always, we're committed to protecting the privacy and security of the people who use Twitter. We're grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this." a Twitter spokesman told reporters.

 Twitter users have taken to the platform to complain that the company did not notify its users of the breach.

Security Affairs:      Infosecurity Magazine:       Oodlaoop:    Masterjtips:     The Register

You Might Also Read: 

Twitter Fined $150m For Selling User Data:

 

« Over One Hundred Arrests In Business Email Compromise Swoop
Mercenary Hacking Group Selling Spyware »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cryptomathic

Cryptomathic

Cryptomathic is an expert on commercial crypto - we develop, deliver and support the most secure and efficient off-the-shelf and customised solutions.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

Web3fied

Web3fied

Web3fied is a seed stage company building the future of decentralized digital identity and credentials management.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Epic Machines

Epic Machines

Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

DeviQA

DeviQA

DeviQA provide best-in-class quality assurance services to companies of all sizes.

Vortacity Cyber

Vortacity Cyber

Vortacity is a boutique cybersecurity provider specializing in associations, nonprofits, and mission-based organizations.

Sasken Technologies

Sasken Technologies

Sasken’s Cybersecurity Services enables enterprises to develop, maintain, and take digital products to the market with security postures that empower operational excellence.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.