A database containing 5.4m Twitter users’ data is reportedly for sale on a popular criminal forum. Twitter is investigating the issue. The seller said the data was obtained by exploiting a vulnerability in Twitter’s systems that was reported in January.
The seller, using the nickname ‘devil,’ advertised the data on the Breached Forums site and demanded at least $30,000 for it. They said that the database contains the phone numbers and email addresses of users, including celebrities and companies.
The hack reportedly exploits a vulnerability first reported by a HackerOne user known as ‘zhirinovskiy.’ That bug enabled “an attacker with a basic knowledge of scripting/coding” to find a Twitter user’s phone number and email address, even if the user has hidden them in privacy settings. The attacker explained how to exploit the bug in their HackerOne report. Twitter acknowledged the bug and fixed it five days later.