Pages

Trouble For Twitter As Data From More Than 5 Million Accounts Stolen And Leaked Publicly And Privately

The controversies that surround the world of Twitter are plenty and this next piece of news is definitely turning heads for obvious reasons.

A new report has gone on to speak about how data belonging to more than 5 million users on the digital platform is now up for grabs at various hacking forums. Other than that, it’s being shared both publicly and privately as it entails some information through API vulnerabilities.

The news comes to us thanks to one security researcher that proved how such a bug was going to be abused widely through the likes of threat actors. This information entails a lot of public information which has been scrapped including phone numbers and email IDs that aren’t for the public.

As one person can probably imagine, the threat actor who began the ordeal has really started to raise alarm bells after selling off the private and sensitive matter for more than $30,000. Moreover, the information was taken in December of last year via email IDs that took such an API into consideration and make records comprising such details via a Twitter ID.

For now, it’s not confirmed if the disclosure arising right now was leaked through HackerOne but a close source at BleepingComputre mentioned how several threat actors made use of the bug so private information could be extracted through Twitter.

After setting out an example of user records on the app, this particular social media firm showed how a massive data breach occurred with this API bug and yes, it was fixed at the start of this year.

The owner of the hacking forum Breached shared his input on the matter using the API that was used to hack the details and they confirmed how they were behind the bug and that’s how they got the huge dump of records for Twitter users after one threat actor called Devil shared this vulnerability alongside them.

Other than records for sale, there were an additional 1 million more profiles that had suspended profiles and data arising from those. But the hacking organization claims that such data was never sold but it was definitely shared through private means among a small group of people.

Then in the month of September, we saw how nearly 5 million records on Twitter were shared free of cost on this particular forum. This entails all sorts of details like verification, status count, date of account creation, URL, screen name, and Twitter ID among all others.

Since such data can be used for other malicious purposes like phishing attacks, it's quite obvious that it needs to be scrutinized further.


Read next: Consumers perspective on brands boycotting Twitter for advertising

No comments: