Account information of more than five million Twitter users is being sold for $30,000 on dark web forums.
Using the controversial nickname “devil”, the threat actor is selling data from 5.4 million users, apparently obtained by exploiting a vulnerability discovered in January 2022. It seems that Twitter has since fixed this vulnerability and even paid a $5,040 reward to the person using the name “zhirinovskiy” who found it.
The database contains publicly available data, the email addresses used to register the accounts, and phone numbers. While the absence of passwords in the dataset is certainly a good thing from a security standpoint, email addresses and phone numbers can still be used for phishing, identity theft, or even full account hijacking.
The seller claims that the database contains sensitive information about “celebrities, companies, random people”. A brief preview of the database was reportedly also posted on the data breach discussion and leak forum Breach Forums, where the authenticity of the data was verified.
Twitter said it was investigating the issue, but has so far not commented on the matter.
Twitter has been making headlines a lot lately, due to billionaire Elon Musk’s attempt to buy the microblogging social networking platform. While the Tesla CEO initially expressed his intention to acquire Twitter, he decided to withdraw because Twitter did not share precise data on the number of bots and fake accounts on the network or how it plans to reduce such scams.
Twitter management stands behind previous reports that bots make up less than five percent of all accounts on Twitter. According to Business Of Apps, Twitter currently has around 450 million active users.