Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

5.4 million Twitter accounts reportedly on sale in hacking forum

The social media site is currently investigating the authenticity of claims that 5.4 million accounts have been breached and are for sale on hacking forums

Add bookmark
Olivia Powell
Olivia Powell
07/27/2022
5.4 million Twitter accounts reportedly on sale in hacking forum

Social media site Twitter has allegedly suffered a data breach of more than 5.4 million accounts that are now for sale on a hacking forum.

The hacker, who goes by the alias ‘devil’, claimed in a post on Breach Forums that the data stolen includes email addresses and phone numbers from “celebrities, companies, randoms, OGs, etc”. ‘OGs’ refers to Twitter handles that are either short, comprising of one or two letters, or a desirable word, like a first name. 

Devil reportedly will not be accepting offers “lower than [$30,000]” for the database. The hacker also shared a sample of the data, which, according to privacy resource center Restore Privacy, “match[es] up with real-world people that can be easily verified with public profiles on Twitter”.

A few hours after the post was made on Breach Forums, the owner of the site verified the authenticity of the leak and that the data breach was the result of a vulnerability on Twitter that was discovered in January of this year.

The vulnerability was discovered by zhirinovskiy, who submitted a report about it to vulnerability coordination and bug bounty platform HackerOne.

“The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. The bug exists due to the process of authorization used in the Android Client of Twitter, specifically in the process of checking the duplication of a Twitter account,” explained zhirinovskiy.

Zhirinovskiy went on to describe the potential harms this vulnerability could cause as it would allow “any attacker with a basic knowledge of scripting/coding [to] enumerate a big chunk of the Twitter user base” and use the data collected to create a database that linked Twitter usernames to their respective email address or phone numbers. This database could then be sold “to malicious parties for advertising purposes, or for the purposes of targeting celebrities in different malicious activities.”

The vulnerability was discovered on January 1st 2022, with Twitter verifiying the vulnerability on January 6th and paying zhirinovskiy to $5,040 patch the issue on January 13th. Zhirinovsky verified that the vulnerability had been solved that day.

Twitter has confirmed that it is investigating the data breach as of July 24th 2022, but has not said anything further on the matter. 

Tags: Twitter data data breach hacker White Hat hacking

RECOMMENDED

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy