Due to a security flaw discovered in the Twitter Android application, user data could be collected by hackers. The data includes e-mail addresses and telephone numbers.

Bad news for Twitter users: a hacker has put up for sale a file containing the data of 5.4 million social network accounts. This database contains email addresses and phone numbers associated with accounts. The hacker appeared on Breached Forums, a forum where stolen data is sold.

The hacker indicates that the file contains, among other things, contact details of companies and celebrities. An analysis of an excerpt from the file confirmed that the data is authentic, by comparing it with information from public user profiles. The hacker is asking no less than 30,000 dollars for this database and states that it is available because of Twitter’s incompetence.

So what happened? In January, a report was sent to HackerOne, a platform for coordinating vulnerability reports and bug fixes. This platform connects companies with flaw testers and cybersecurity researchers. A user, who adopted the name of Russian politician Vladimir Volfovich Zhirinovsky as his pseudonym, alerted Twitter to a vulnerability that allows obtaining a Twitter handle from an email address or phone number, even if the account owner has blocked this type of request. The internal ID can then easily be transformed into a username. A hacker can thus build a database with account names, email addresses and phone numbers. This vulnerability only affects the Android version of the social network app. It works even if the Twitter account has been suspended.

Twitter recognized the flaw and granted user zhirinovsky a reward of $5,040. The flaw was patched on January 13.

HackerOne Twitter reward
(c) Hacker One

Alas, it seems that hackers had time to exploit this flaw before it was corrected and to build a database. Twitter said the company was investigating the situation, but did not provide further details at this time. In addition, it is currently not possible to know if your Twitter account is affected and is part of the database.

Source: Restore Privacy

The post A Twitter flaw made data from 5.4 million accounts accessible appeared first on Gamingsym.