Twitter confirms it was the victim of a massive data leak

Twitter has confirmed that it was the victim of a cyberattack in which the data of 5.4 million users was stolen and leaked, and that it will send those users a notification indicating that their confidential information has been exposed.

At the beginning of the year, the platform received a report, through its bug bounty program managed by the firm HackerOne, of a vulnerability that scammers could exploit to access its users’ data, as the company now explains on its blog.

Specifically, the HackerOne platform connects companies like Twitter with ‘hackers’ to test the social network’s security measures, looking for flaws and spotting them in exchange for financial rewards.

During the process of verifying a duplicate account, a HackerOne user known as ‘zhirinovskiy’ discovered the vulnerability in the version of Twitter for Android.

This vulnerability allowed anyone who entered an email address or phone number to obtain the corresponding Twitter ID, if there was an account associated with that email or number.

As the company recently admitted in an entry posted in the Privacy section of its blog, this system error was the result of an update to its security code implemented in June 2021.

Twitter pointed out that when it became aware of this problem, it “immediately” investigated and resolved it. “At the time, we had no evidence that anyone was exploiting the vulnerability,” the company said.

However, in July of this year, private media like RestorePrivacy reported that data collected from 5.4 million accounts had been leaked and was available for sale on the hacking forum Violated Forums.

After reviewing the data that cybercriminals were marketing on this forum, the social network confirmed that they had taken advantage of the issue before a solution was put in place months earlier.

It thus confirmed that these users have been compromised and that it will continue to notify owners of affected accounts that their data has been leaked, but that it does not really know all of those affected.

So that users can protect their accounts and the information they contain, the company proposed a series of measures, such as enabling two-factor authentication. Along with this, it stated that the threat actors in this attack did not have access to login credentials.

In addition, to keep their identities as confidential as possible, holders of anonymous accounts should not associate them with a “public” phone number or email.

Source: Informacion

