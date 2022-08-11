- Advertisement -

In July, a stranger offered millions of Twitter user data for sale. Twitter now the authenticity of the data and wants to inform those .

Twitter has confirmed that unknown persons exploited a zero-day vulnerability in the short message service and were able to collect 5.4 million user records. The gap became known in January of this year and was already closed by Twitter at the time. In July, the records appeared on a forum for sale. Bleeping Computer reports that Twitter has now confirmed the extent of the incident and the authenticity of the data and has begun to notify those affected.

The serious vulnerability was made public on January 1st on the HackerOne platform; their discoverer reported them to Twitter as part of a bug bounty program and received a reward for doing so. It allowed the authorization process between the Twitter Android client and the Twitter servers to link multiple, actually private user data (in particular e-mail address and telephone number) to a Twitter account. An unknown attacker had apparently collected the data exposed in this way before the gap was closed and offered it for sale in July. Users are informed Twitter has now confirmed the course of events in a blog post and described it as “unfortunate”. Accordingly, the error was already in June 2021 in the relevant code. However, in January 2022, when Twitter found out about the vulnerability, the company was unable to discover any evidence of unauthorized data access. The data sets that emerged in July have now been analyzed and their authenticity confirmed, accounts" target="_blank" rel="external noopener">says the blog post. Twitter also announces that it wants to inform the affected users. Although no passwords were stolen during the incident, the company recommends the use of two-factor authentication. Twitter recommends that those who operate their Twitter account under a pseudonym should not store any private data such as email addresses or telephone numbers that could be used to identify them. What is Amazfit and what is its relationship with Xiaomi