Twitter confirms data breach was caused by a zero-day vulnerability

Twitter has confirmed that a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.

Last month, BleepingComputer spoke to a threat actor who said they were able to create a list of 5.4 million Twitter account profiles using a vulnerability on the social media site. The flaw allowed the threat actor to create profiles of 5.4 million Twitter users in December 2021, each including a verified phone number or email address together with scraped public information such as follower counts, screen name, login name, location, profile picture URL, and other details.

Today, Twitter confirmed that the vulnerability used by the threat actor in December is the same one reported to and fixed by the company in January 2022 as part of its HackerOne bug bounty program. "In January 2022, we received a report through our bug bounty program of a vulnerability that allowed someone to identify the email or phone number associated with an account or, if they knew a person's email or phone number, they could identify their Twitter account, if one existed," Twitter disclosed in a security advisory today.

This vulnerability allowed anyone to submit an email address or phone number, verify whether it was associated with a Twitter account, and retrieve the associated account ID. However, the threat actor claims to have used the flaw to gather the data of 5,485,636 Twitter users.

As two different threat actors have already purchased this data, users should be on the lookout for targeted spear-phishing campaigns that use it to steal Twitter login credentials. For those using a pseudonymous Twitter account, the social media company suggests keeping your identity as anonymous as possible by not using a publicly known phone number or email address on the account.
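The class of bug described above is a contact-lookup endpoint whose response reveals whether an email or phone number is registered and which account it belongs to. The following is an added example, not Twitter's code or anything from the advisory, contrasting that leaky pattern with a hardened one (uniform response, side effects only out of band, per-caller rate limit that raises an alert); the account directory, contact values and caller address are constructed.

```python
# Added example (not Twitter's code): the contact-lookup pattern described
# in the article, in its leaky form and in a hardened form. All data below
# is constructed for illustration.
import time
from collections import defaultdict

# Constructed sample directory mapping a contact (email or phone) to an account id.
ACCOUNTS = {"alice@example.com": 1001, "+15550100": 1002}


def leaky_lookup(contact: str) -> dict:
    """Vulnerable pattern: the response confirms whether the contact is
    registered and leaks the linked account id, so anyone holding a list of
    emails or phone numbers can map them to accounts at scale."""
    if contact in ACCOUNTS:
        return {"exists": True, "account_id": ACCOUNTS[contact]}
    return {"exists": False}


class HardenedLookup:
    """Mitigation: the response is identical for known and unknown contacts;
    anything contact-specific is delivered to the contact itself, never to
    the caller; and a per-caller rate limit throttles and flags bulk probing."""

    UNIFORM = {"status": "ok",
               "message": "If this contact is registered, instructions were sent to it."}

    def __init__(self, limit: int = 5, window_s: float = 60.0):
        self.limit, self.window_s = limit, window_s
        self.calls = defaultdict(list)   # caller -> recent request timestamps
        self.outbox = []                 # (contact, account_id) sent out of band
        self.alerts = []                 # (caller, count) for the detection pipeline

    def lookup(self, caller: str, contact: str, now=None) -> dict:
        now = time.monotonic() if now is None else now
        recent = [t for t in self.calls[caller] if now - t < self.window_s] + [now]
        self.calls[caller] = recent
        if len(recent) > self.limit:
            # Bulk probing from one caller: throttle and record an alert.
            self.alerts.append((caller, len(recent)))
            return {"status": "rate_limited"}
        account_id = ACCOUNTS.get(contact)
        if account_id is not None:
            # Side effect reaches only the owner of the contact, not the caller.
            self.outbox.append((contact, account_id))
        return dict(self.UNIFORM)
```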
