Account details of more than five million Twitter users are being sold on dark web forums for $30,000.
The threat actor, going by the astonishingly creative alias “devil”, is selling data on 5.4 million users, apparently obtained by exploiting a vulnerability discovered in January 2022.
Twitter has apparently patched the hole, and even paid $5,040 to the person who found it, who goes by the name “zhirinovskiy”.
Investigating the leak
The database includes public-facing data, email addresses used to register the account, and phone numbers. While not having passwords included in the data set definitely helps with security, email addresses and phone numbers could still be used for other forms of phishing, identity theft, and maybe even full account takeover.
The seller claims the database includes sensitive information on “Celebrities, Companies, randoms, OGs, etc.” It was also said that a sneak peek of the database was posted on the data breach discussion and leaks forum, Breach Forums, where its authenticity was confirmed.
Twitter said it was investigating the issue, but has refrained from any further comment so far.
The microblogging social network has been making headlines lately, as it goes back and forth with eccentric billionaire Elon Musk over his potential acquisition of the platform.
While the Tesla CEO initially expressed his intent to buy the little blue bird, he decided to pull out, as it appears Twitter did not share exact data on the number of bots and fake accounts on the network, or how it plans to cut down on this type of fraud.
Twitter’s management still stands by its earlier reports that bots make up less than five percent of all accounts on Twitter. According to Business Of Apps, Twitter has some 450 million active users.
Via: Restore Privacy