• Only now Twitter admits hacking of 5.4M accounts.

    #2468511

    Verified Twitter Vulnerability Exposes Data from 5.4 Million Accounts

    A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database acquired from this exploit is now being sold on a popular hacking forum, posted earlier today.

    Back in January, a report was made on HackerOne of a vulnerability that allows an attacker to acquire the phone number and/or email address associated with Twitter accounts, even if the user has hidden these fields in the privacy settings.

    The bug was specific to Twitter’s Android client and occurred with Twitter’s authorization process…

    August 5, 2022

    An incident impacting some accounts and private information on Twitter

    We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account. We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened. While there’s no action for you to take specific to this issue *, we want to share more about what happened, the steps we’ve taken, and some best practices for keeping your account secure…

    In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed…

    * No action to be taken by the users after a hacker has phone numbers and mail address? Really?

    3 users thanked author for this post.
    • #2468960

      Again and again… Security is not going to be taken seriously until there are laws on the books specifying fines that HURT fat cat CEOs, and spell out corrective measures, a timeline for implementing them, and monetary damages for EACH individual account compromised.

      But, there are 1500+ lobbyists on K St. in D.C., and 535 members of Congress… so that’s around 3 lobbyists to every representative.

      I’m not holding my breath.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "Courage isn’t the absence of fear; it's being scared to death and going on anyway. The man who says he's fearless is a fool, and I won't have him in my command." —Unknown

      1 user thanked author for this post.