For Sale: 5.4m Twitter Users’ Data

A criminal using the pseudonym ‘devil’ has built a Dark Web database containing the personal information of 5.4 million Twitter users and has listed it for sale on a criminal forum, according to security researchers. The user database is currently for sale on the Breached Forums website for $30,000.

The seller says they used a vulnerability in Twitter's systems that was reported in January, and claims that the data includes phone numbers and email addresses, including those of celebrities and companies.

The hacker claims to have exploited a vulnerability first reported by a HackerOne user. The bug allowed an attacker to find a Twitter user’s phone number and email address, even if the user had them hidden in privacy settings. 

The HackerOne report explained how to exploit the bug, and Twitter fixed it within five days, but even this may have given attackers a lot of time to take criminal advantage.

"We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability... As always, we're committed to protecting the privacy and security of the people who use Twitter. We're grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this," a Twitter spokesman told reporters.

Twitter users have taken to the platform to complain that the company did not notify its users of the breach.

Sources: Security Affairs, Infosecurity Magazine, Oodlaoop, Masterjtips, The Register
