For Sale: 5.4m Twitter Users’ Data

A criminal using the pseudonym ‘devil’ has built a Dark Web database containing the personal information of 5.4 Twitter users’ data and has listed the information for sale on a criminal forum, according to security researchers. The user database is currently for sale on the Breached Forums website for $30,000. 

The seller says they have used a vulnerability in Twitter systems reported in January and also claims that the information included is phone numbers and email addresses, including that of celebrities and companies.

The hacker claims to have exploited a vulnerability first reported by a HackerOne user. The bug allowed an attacker to find a Twitter user’s phone number and email address, even if the user had them hidden in privacy settings. 

The attacker explained how to exploit the bug in their HackerOne report and Twitter removed the bug within five days, but even this may have given attackers a lot of time to take criminal advantage.  

"We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability... As always, we're committed to protecting the privacy and security of the people who use Twitter. We're grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this." a Twitter spokesman told reporters.

 Twitter users have taken to the platform to complain that the company did not notify its users of the breach.

Security Affairs:      Infosecurity Magazine:       Oodlaoop:    Masterjtips:     The Register

You Might Also Read: 

Twitter Fined $150m For Selling User Data:

 

« Over One Hundred Arrests In Business Email Compromise Swoop
Mercenary Hacking Group Selling Spyware »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

Purple Security

Purple Security

Purple Security arises from the association of specialists in offensive security (ethical hackers, white hats) and experts in insurance, compliance and implementation of industry standards.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Fingerprints

Fingerprints

Fingerprints is the world-leading biometrics company. Our solutions are found in millions of devices providing safe and convenient identification and authentication with a human touch.

WillCo Tech

WillCo Tech

WillCo Tech works to enhance national security and force readiness for military and commercial enterprises with a suite of software capabilities surrounding the human element of cybersecurity.

SoteriaSec

SoteriaSec

SoteriaSec is a premier cybersecurity firm providing comprehensive digital forensics and incident response services.

CNNECT

CNNECT

CNNECT are specialists in cloud, collaboration and cybersecurity, constantly evolving the way in which we understand, advise and deploy these technologies