Social networks today are a very important part of our lives. There are s of people who spend several hours a day on them, taking advantage of them to upload their own content or see that of other people. These networks are, as a general rule, quite secure in terms of the privacy of our data, but from time to time a fairly important security breach appears, such as the one that Twitter has suffered and that has caused the leak of more than 5 million . We tell you more about it.

As we will see later, the error that has caused The leak of this information occurred a few months agobut it was not until a few days ago that the person who had obtained the information from millions of accounts on the social network came to light. Over 5 million accounts This error to which we refer was discovered back in January of this year. The bug in question allowed exploiting a vulnerability that made it possible for the attacker to acquire the phone number and email address of Twitter accounts, even if the user had hidden such information in the privacy settings when managing your account on the social network. This error was specific to the Twitter client on Android. Scan texts with the Notes app on your iPhone to increase your productivity The bug was discovered by HackerOne user “zhirinovskiy”, who sent a report to Twitter on January 1 explaining the consequences this bug could have for Twitter users. Five days after submitting this report, the staff responsible for the social network acknowledged that it was a real and important security problem, and promised to investigate much more thoroughly to be able to solve it. After researching and trying to fix this issue, Twitter gave this user a reward of more than 5,000 dollars.

This vulnerability allows any party without any authentication to obtain a Twitter ID (which is almost the same as obtaining an account username) of any user. As we have said a little above, this error was reported in the past month of January and it did not take too long to be solved by the staff of this social network. Nevertheless, the consequences of this attack have not appeared until a few days ago.

As reported by the same HackerOne user, a person is currently selling the data supposedly obtained through this vulnerability. This user would be doing it through Breach Forumsa notorious hacking forum that already garnered international attention earlier this month by exposing information on more than 1 billion Chinese residents, which is outrageous.

This user, who calls himself “devil” in the forum, claims to have information on 5.4 million Twitter accounts, and according to this user, he even has information on large companies and celebrities. A few hours after this leak became official, the owner of these pirate forums verified the authenticity of this leak, and explained that all this information was indeed extracted through the security breach that was disclosed last January. This database is currently for sale, and according to Restore Privacy it would be selling for about 30,000 US dollars.