Twitter zero-day

Hackers take advantage of a Twitter vulnerability, exposing 5.4 million accounts | CyberNcrypt


Twitter revealed on Friday that a now-patched zero-day bug was used to connect phone numbers and emails to user accounts on the social media platform. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person which Twitter account, if any, the submitted email address or phone number was associated with.
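The lookup behaviour described above, next to one common mitigation pattern, as an added example that is not from Twitter or the original article. The account data, function names, limits and response strings are constructed assumptions; the article does not say how Twitter fixed the bug.

```python
import time
from collections import defaultdict, deque

# Constructed sample data (hypothetical): contact identifier -> account handle.
ACCOUNTS = {"alice@example.com": "@alice", "+15550100": "@bob"}

def lookup_leaky(identifier):
    """Behaviour the article describes: the response names the linked account."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": "not_found"}
    return {"status": "found", "account": handle}

class HardenedLookup:
    """Same response whether or not a match exists, plus a per-client
    sliding-window cap on how many distinct identifiers may be submitted."""

    def __init__(self, max_distinct=3, window_s=60.0):
        self.max_distinct = max_distinct
        self.window_s = window_s
        self._seen = defaultdict(deque)  # client -> deque of (timestamp, identifier)

    def handle(self, client, identifier, now=None):
        now = time.monotonic() if now is None else now
        recent = self._seen[client]
        # Drop submissions that have aged out of the window.
        while recent and now - recent[0][0] > self.window_s:
            recent.popleft()
        distinct = {ident for _, ident in recent}
        # The limit depends only on the client's volume, never on whether
        # the identifier exists, so it does not become a second oracle.
        if identifier not in distinct and len(distinct) >= self.max_distinct:
            return {"status": "rate_limited"}
        recent.append((now, identifier))
        # Any notification to the identifier's owner would be sent out of band;
        # the caller learns nothing about whether an account matched.
        return {"status": "accepted",
                "message": "If an account matches, its owner will be notified."}
```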

Twitter stated that the bug, which was discovered in January 2022, was caused by a code change implemented in June 2021. No passwords were exposed in the incident.

The six-month delay stems from new evidence last month that an unidentified actor may have exploited the flaw prior to the fix to scrape user information and sell it for profit on Breach Forums.

Although Twitter did not reveal the exact number of users affected, the threat actor’s forum post shows that the flaw was exploited to compile a list of allegedly over 5.48 million user account profiles. The database is being sold for $30,000, according to Restore Privacy, which disclosed the breach late last month.

Twitter stated that it is in the process of directly notifying affected account owners, while also urging users to enable two-factor authentication to protect against unauthorized logins.

It’s the latest security breach to hit Twitter in recent years. In May, Twitter agreed to pay the Federal Trade Commission $150 million in a settlement after the company used phone numbers and email addresses submitted by users for two-factor authentication to target advertising.
