Breach, Threat Management

Twitter breach impacts over 5.4M users, data sold for $30K

More than 5.4 million Twitter users ranging from companies and celebrities to random users had their contact details compromised in a Twitter data breach stemming from the exploitation of an already addressed vulnerability, with the threat actor dubbed "devil" selling the stolen data for $30,000, BleepingComputer reports. Devil was able to scrape users' phone numbers and email addresses by abusing a vulnerability disclosed by security researcher "zhirinovskiy" that was fixed in January. "The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibitted this action in the privacy settings," said zhirinovskiy. Devil denied any links with zhirinovskiy. While Twitter is still in the process of verifying the authenticity of the leaked data, BleepingComputer has already confirmed the accuracy of data belonging to some of the listed Twitter users.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.