According to a recent report, a hacker is selling the account information of 5.4 million Twitter users for $30,000 on the dark web after exploiting a security flaw. The bug in Twitter's system was reported to the company through its bug bounty program in January 2022, according to Twitter's own announcement.
According to the Bug Bounty Report:
The vulnerability was reported by a security researcher, who was paid a $6,000 bounty by the company. According to this report:
“Even if a user has disabled this in the privacy settings, an attacker can still find a Twitter account by its phone number or email by exploiting this vulnerability. Even though the user has blocked this operation in the privacy settings, the vulnerability enables any party, without any authentication, to obtain the Twitter ID of any user by providing a phone number or email”.
The problem lies in the Twitter Android client's authorization process, specifically in the step that checks whether an account is a duplicate.
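To make the flaw concrete, here is an added illustration (a toy model written for this article, not Twitter's code and not the researcher's report): the duplicate-account check in a form that leaks account existence to any unauthenticated caller, a hardened form that answers uniformly and only reveals a collision to whoever proves control of the address or number, a contact-discovery lookup that honours the user's privacy setting, and a small detector that flags clients probing many identifiers. The account records, log lines, endpoint names and setting names are all constructed for the example.

```python
# Added example (not Twitter's code): a toy model of the account-existence
# check described above, in a leaky form and in a hardened form, plus a
# simple detector for enumeration-style traffic. All names, settings and
# sample data here are assumptions made for this illustration.
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    account_id: int
    email: str
    phone: str
    discoverable_by_email: bool   # the privacy setting the report refers to
    discoverable_by_phone: bool


# Constructed sample directory; these are not real accounts.
ACCOUNTS = [
    Account(1001, "alice@example.invalid", "+15550000001", True, True),
    Account(1002, "bob@example.invalid", "+15550000002", False, False),
]


def _lookup(identifier: str) -> Optional[Account]:
    """Find the account registered under an email address or phone number."""
    for acct in ACCOUNTS:
        if identifier in (acct.email, acct.phone):
            return acct
    return None


def vulnerable_duplicate_check(identifier: str) -> dict:
    """Leaky pattern: an unauthenticated caller learns whether the identifier is
    registered and which account it belongs to, ignoring the privacy setting."""
    acct = _lookup(identifier)
    if acct is None:
        return {"exists": False}
    return {"exists": True, "account_id": acct.account_id}


def hardened_duplicate_check(identifier: str) -> dict:
    """Hardened pattern: the response is identical whether or not the identifier
    is registered. Whether a sign-up collides with an existing account is only
    revealed after the caller proves control of the address or number
    (e.g. by entering a one-time code sent to it, which is simulated here)."""
    _ = _lookup(identifier)                   # the lookup still happens server-side...
    return {"status": "verification_sent"}    # ...but nothing about it is reported


def discover_account(identifier: str, caller_authenticated: bool) -> Optional[int]:
    """Contact-discovery lookup that honours the user's discoverability settings
    and refuses unauthenticated callers."""
    if not caller_authenticated:
        return None
    acct = _lookup(identifier)
    if acct is None:
        return None
    if identifier == acct.email and not acct.discoverable_by_email:
        return None
    if identifier == acct.phone and not acct.discoverable_by_phone:
        return None
    return acct.account_id


# Constructed access-log lines (assumed format: timestamp then key=value fields).
SAMPLE_LOG = """\
2022-07-01T10:00:01Z client=203.0.113.7 endpoint=/signup/check id_hash=h1
2022-07-01T10:00:02Z client=203.0.113.7 endpoint=/signup/check id_hash=h2
2022-07-01T10:00:03Z client=203.0.113.7 endpoint=/signup/check id_hash=h3
2022-07-01T10:00:04Z client=203.0.113.7 endpoint=/timeline id_hash=-
2022-07-01T10:00:05Z client=198.51.100.4 endpoint=/signup/check id_hash=h9
"""


def flag_enumeration(log_text: str, threshold: int) -> list:
    """Return clients that probed at least `threshold` distinct identifiers
    against the existence check: a crude but useful enumeration signal."""
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        if fields.get("endpoint") == "/signup/check":
            per_client[fields["client"]].add(fields["id_hash"])
    return sorted(c for c, ids in per_client.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(vulnerable_duplicate_check("+15550000002"))   # leaks bob's account id
    print(hardened_duplicate_check("+15550000002"))     # same answer as for an unknown number
    print(discover_account("+15550000002", True))       # None: bob opted out of discovery
    print(flag_enumeration(SAMPLE_LOG, 3))              # ['203.0.113.7']
```

The point of the hardened check is that the server may still need to know about duplicates, but the caller should not learn that fact until it has proven it owns the address or number; the detector complements that by surfacing the high-cardinality probing that an enumeration campaign against the leaky version produces.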
Brief Statement by Twitter:
On Friday, August 05, the micro-blogging platform published a brief statement about the severe vulnerability. In the statement, Twitter disclosed the vulnerability and informed its users about what had actually happened on the platform. The vulnerability allowed someone to enter a phone number or email address into the log-in process and learn whether it was connected to an existing Twitter account, and if so, which account. Twitter also acknowledged that 5.4 million accounts had been affected by an unknown malicious actor and took responsibility for the privacy and protection of those users.
Actions users should take:
In the same Friday statement, Twitter guided its users on protecting their accounts while the company took action:
- Twitter will directly inform account owners once the data has been confirmed.
- Those who operate a pseudonymous Twitter account face a greater risk from incidents of this kind.
- Affected account holders must keep their identity, phone number, and email address private on their Twitter account.
- To prevent unauthorized logins, we urge everyone who uses Twitter to implement two-factor authentication using hardware security keys or authentication software.
- For further information about account privacy, reach out to our Office of Data Protection.
Cause of the Vulnerability:
According to Twitter's statement: "In June 2021, a change in our code introduced this problem. When we became aware of this, we looked into it right away and resolved it. We didn't have any proof that someone had exploited the vulnerability at the time. In July 2022, we discovered through a press article that someone might have taken advantage of this and was attempting to sell the data they had gathered."
Actions taken by Twitter:
To investigate the issue, Twitter obtained a sample of the database and verified and analyzed it. After verifying the affected accounts, the company found that they belonged to people from all across the world. The records contain each user's public profile information together with the email address or phone number associated with their Twitter account. To gather additional information about the affected accounts, the company also reached out to the seller of the database. All of the information concerning the stolen Twitter data has already been disclosed, and the seller is asking no more than $30,000 for the database.
According to a July 24, 2022 news update:
“Twitter has confirmed they are investigating the situation, but has not provided any more information at this time”.
The issue is similar to a vulnerability found in 2019 that allowed a security researcher to link 17 million phone numbers to Twitter accounts. Despite that 2019 exposure, the company did not make sufficient efforts to improve its privacy protections, and the exposure of 5.4 million accounts is the consequence.