Date: 2022-07-27

A security vulnerability in Twitter’s Android client that was discovered and patched in January has been exploited, and the account details of 5.4 million users are on sale. On the popular hacker forum Broken Forums, the user “devil” is offering the entire set of 5,485,636 accounts. The dataset is said to contain accounts of celebrities, companies and regular users. The user also offers a sample. According to Restore Privacy, which reviewed the sample, the user is asking at least $30,000 for the dataset.

The vulnerability was discovered on January 1 by user zhirinovskiy. It could allow an attacker to read data associated with a Twitter account, such as email address and phone number, even though that data should have been hidden by privacy settings. The finder called the vulnerability serious and immediately reported it to Twitter. An attacker with basic programming and scripting skills could search Twitter’s user database and create a list of Twitter account names with hidden data. Such a database, like the one currently on sale, can be used for follow-up attacks against those affected. A cybercriminal could link all kinds of data together and try to break into other services or harm users through direct access.

Twitter confirmed the vulnerability on January 6 and paid a reward of $5,040. On January 13, the vulnerability was fixed and zhirinovskiy confirmed that the issue had been resolved. Twitter has a support page in case you think your account has been hacked, but it offers no suggestions for this situation yet.