{"id":143944,"date":"2022-08-14T19:03:30","date_gmt":"2022-08-15T00:03:30","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/08\/major-twitter-flaw-exposes-millions-of-celebrity-and-company-accounts"},"modified":"2022-08-14T19:03:30","modified_gmt":"2022-08-15T00:03:30","slug":"major-twitter-flaw-exposes-millions-of-celebrity-and-company-accounts","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/08\/major-twitter-flaw-exposes-millions-of-celebrity-and-company-accounts","title":{"rendered":"Major Twitter flaw exposes millions of celebrity and company accounts"},"content":{"rendered":"

<\/a><\/p>\n

A cybersecurity expert that goes by the name Zhirinovskiy took to the HackerOne forum in January to report a vulnerability within Twitter\u2019s login pipeline. According to the report, the vulnerability was a gaping hole within the platform\u2019s cybersecurity, and just within a few days, Zhirinovskiy was able to successfully infiltrate and discover Twitter accounts linked to specific numbers and email addresses. Zhirinovskiy explained that a malicious party could easily find an individual\u2019s Twitter account with a phone number or email address.<\/p>\n

Zhirinovskiy contacted Twitter support about the security flaw, which was found in Twitter\u2019s Android app, and was rewarded a $5,040 bug bounty for the discovery. A patch was rolled out that fixed the major issue, but according to Restore Privacy<\/strong><\/a>, it was already too late as a malicious individual that uses the username \u201cdevil<\/strong>\u201d had already exploited the flaw and scraped 5,485,636 Twitter accounts. The swath of data was then thrown onto the dark web hacking community forum \u2018Breached Forums\u2019, where the lister claimed that the data included users that \u201crange from Celebrities to Companies, randoms, OGs, etc.<\/strong>\u201d<\/p>\n

Furthermore, the authenticity of the data that was stolen was verified by Restore Privacy, as well as the hacker that stole it. Notably, Devil listed the data for sale with an asking price of $30,000. It\u2019s not known if the stolen Twitter data was purchased by another party or is still available.<\/p>\n","protected":false},"excerpt":{"rendered":"

A cybersecurity expert that goes by the name Zhirinovskiy took to the HackerOne forum in January to report a vulnerability within Twitter\u2019s login pipeline. According to the report, the vulnerability was a gaping hole within the platform\u2019s cybersecurity, and just within a few days, Zhirinovskiy was able to successfully infiltrate and discover Twitter accounts linked [\u2026]<\/p>\n","protected":false},"author":556,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-143944","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/143944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/556"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=143944"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/143944\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=143944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=143944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=143944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}