Twitter Bug Let Hack Get Data Of 5.4 Million Users, Up For Sale For $30,000


Through the use of an earlier this year discovered and patched vulnerability, this data had been taken from Twitter’s databases.

Hackers were able to access the personal information of 5.4 million Twitter users thanks to a weakness in the company’s systems.According to sources, this data is available for purchase for $30,000, or Rs. 23.96 lakhs.

Back in January of this year, HackerOne revealed that a Twitter vulnerability made millions of users’ personal information—including their phone numbers and email addresses—vulnerable to anyone’s access.The vulnerability basically allows anyone to enter a phone number or email address and then discover the corresponding twitterID.What’s alarming is that even if a person has enabled privacy settings to make these facts private, they could still be accessible.

Even though the user has blocked this action in the privacy settings, the vulnerability enables any party to obtain a twitter ID (which is practically equivalent to gaining the username of an account) of any user by providing a phone number or email.The Twitter Android client’s authorization procedure, notably the step where it checks for duplicate accounts, is where the flaw is located, according to a user who uses the handle “zhirinovksiy” on the platform.The author of the post also included instructions on how to obtain proof-of-concept, or, in other words, how to duplicate the vulnerability.

At the time, Twitter referred to the vulnerability as a “legitimate security problem”.Additionally, it had given the researcher a reward of $5,040, or Rs. 4.02 lakh.

Since then, the microblogging platform has patched the problem.Nevertheless, a hacker took advantage of the flaw while it was still present on Twitter, and they are now seeking $30,000 to grant access to the information.

The hacker is reportedly selling the Twitter database on Breached Forums, according to a report by Restore Privacy (via 9To5 Mac).The report claims that the dataset include “Celebrities, to Companies, randoms, OGs, etc”. and that the post by the user name “devil” is still active on the platform.

The unscrupulous hacker also posted a sample of database data on Breached Forums, which the media independently validated.

Twitter has not yet responded to the situation.

Found this article interesting? Follow BG on Facebook, Twitter and Instagram to read more exclusive content we post.

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments

Latest news

LG Ultra PC 14-Inch, 16-Inch Laptops With AMD Ryzen 5000 Series Processors Launched

The laptops of the LG Ultra PC series include anti-glare IPS panels with minimal bezels. Last week, LG introduced 14-inch...

Samsung Galaxy A23 5G With 6.6-Inch Infinity-V Display, 5,000mAh Battery Launched

Table of ContentsSamsung Galaxy A23 5G price, availability (expected)Samsung Galaxy A23 5G specifications Samsung has not yet revealed the Galaxy...

LG Ultra Tab With 10.35-Inch Display, Snapdragon 680 SoC Launched

Table of ContentsLG Ultra Tab priceLG Ultra Tab specifications The 7,040mAh battery in the LG Ultra Tab supports 25W rapid...

OnePlus 10T Glacier Mat Case With Sustainable Circulation Cooling, Bumper Case Sandstone Launched In India

Table of ContentsOnePlus 10T Glacier Mat Case, Bumper Case Sandstone, Tempered Glass price in India A tempered glass for the...

Latest Updates

Must read

Twitter to shut down TweetDeck for Mac on July 1

It should be noted that users can continue to...

You might also likeRELATED
Recommended to you

Would love your thoughts, please comment.x