Data from 5.4 million Twitter accounts sold for €30,000 on a forum


A hacker exploited a flaw that had been publicly known for more than seven months to sell a massive database.

Yet another data leak has hit social networks. According to a report by Restore Privacy on July 21, 2022, a hacker sold the data of 5.4 million Twitter users for around 30,000 euros on a forum frequented by cybercriminals.

The experts contacted the seller in question, confirming that a database of the social network was indeed for sale. The file contained usernames, corresponding email addresses and phone numbers. No password was recovered, however. The database is no longer available on the forum.

The hacker's post, as captured by Bleeping Computer. // Source: Bleeping Computer

An already known flaw

The hacker reportedly took advantage of a security flaw spotted in December 2021 and shared publicly. It was an ethical hacker who detected this bug in the code of the social network. He described the flaw in a post on the HackerOne site in January. "The vulnerability allows any party to retrieve a Twitter ID by submitting a phone number/email, even if the user in question has blocked this search in the privacy settings," describes the expert, who goes by the pseudonym "Zhirinovskiy".

This bug exists because of the authorization process used by Android users, specifically in the check for duplicate Twitter accounts. Twitter even rewarded the researcher with a check for $5,040. Despite everything, the hackers were able to exploit this flaw, which means that the platform was not able to correct this vulnerability in time. This raises all the more questions about the security measures taken by social networks.

Source: Numerama
