Last month, Twitter agreed to pay $150 million in compensation for using user data for advertising purposes. Making a statement about the investigation completed by the US Federal Trade Commission (FTC), Twitter stated that the violation may have occurred “by mistake”.
Twitter announced in January that a security vulnerability had occurred. According to the allegations made today, the account data of 5.4 million users was seized by hackers. Even though Twitter has since fixed the vulnerability, data allegedly obtained from this data leak has been put up for sale on a popular hacking forum.
He explained that the data breach was caused by a security vulnerability that was discovered in January.
According to the news shared in Restore Privacy, it was announced that the breach occurred due to a security vulnerability on Twitter in January. The following statements were included in the statement:
“A verified Twitter vulnerability in January was exploited by a hacker to allegedly extract account data from 5.4 million users. Although Twitter has since fixed the vulnerability, the database allegedly recovered from this exploit is now sold on a popular hacker forum. ”
According to a post shared on HackerOne in January, it was announced that there is a vulnerability that allows hackers to capture the phone number or email address of the user’s Twitter account, even if the user has hidden this leaked information in their privacy settings. Allegedly, a hacker is now selling the data obtained from this vulnerability for at least $30,000.
Data is sold on a popular hacker forum
It has been noticed that there is a new user who sells the data of more than 1 billion Chinese citizens and sells the data of Twitter users in Breached Forums, a popular hacker form around the world. Twitter data, which is claimed to contain the data of 5.4 million users, is still live on the site. The seller on the hacker forum uses the username “devil” and claims that the data includes data from celebrities, companies, random people.
The owner of the hacker forum confirmed that this attack was real and explained that he checked two samples of the data in Restore Privacy. Announcing that it has downloaded the sample database for verification and analysis, Restore Privacy stated that the data includes public profile information, as well as Twitter users’ emails and phone numbers registered in the account.
There is no way yet to check if your account was involved in the Twitter data breach. As always, beware of phishing attacks. It looks like this data breach will give Twitter a headache for a long time, and the company has yet to make any statements about it.