Personal data of 5.4 million Twitter users stolen

0
8
gif en twitter facilmente.jpeg
gif en twitter facilmente.jpeg
Share on Facebook Share on LinkedIn Share on Pinterest Share to Email Share on Telegram Share on WhatsApp

During the month of January of this year, a vulnerability in the social network Twitter was exploited by an as yet unidentified attacker who was able to obtain data from the accounts of 5.4 million Twitter users.

The data that has been accessed is the name and phone number or email address of 5.4 million Twitter users

The vulnerability specifically affected the Android version of the Twitter application, and occurred in the access authorization process, when the user’s identity is verified and it is verified that there are no duplicate accounts.

That security flaw was later fixed by Twitter, but the data obtained by the hacker has been put up for sale on Breached Forums, a famous hacker forum today. The data acquired through this vulnerability is the name and phone number or email address associated with the user’s account. Even if the user had configured such data to remain hidden, it has been possible to access it because Twitter’s own database has been affected, and it does contain such information.

According to the sales announcement, the data corresponds to both celebrities and companies as, for the most part, to anonymous users from all over the planet. The do that posted the ad sells that database for $30,000.

At the beginning of the year, a hacker named “Zhirinovsky” reported the existence of this vulnerability, warning about its consequences and the possibility that it could be exploited by an attacker. Twitter reacted and in just five days managed to contain the vulnerability, awarding the hacker “Zhirinokvsky” with a reward of $5,040 for his contribution to security of the platform. However, the review was not fast enough to prevent someone from having access to the data of 5.4 million Twitter user accounts.

SEE ALSO  The next thing about WhatsApp will be to prevent you from taking screenshots of profile photos

The use of Twitter with malicious intent is not new, since already in 2010 a massive campaign of tweets was detected that, with the claim of the Christmas campaign, contained links to websites with malware.