A threat actor known as ‘devil’ is selling database containing phone numbers and email addresses belonging to 5.4 million twitter accounts for $30,000.
The database contains info about various accounts, including celebrities, companies, and random users.
“Hello, today I present you data collected on multiple users who use Twitter via a vulnerability. (5485636 users to be exact),” reads the forums post selling the Twitter data.
In a conversation with the threat actor, BleepingComputer was told that they used a vulnerability to collect the data in December 2021. They are now selling the data for $30,000, and that interested buyers have already approached them.
Twitter has not confirmed the data breach at this time, telling BleepingComputer that they are investigating the authenticity of the claims.
“We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability. As always, we’re committed to protecting the privacy and security of the people who use Twitter. We’re grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this.
We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”
However, BleepingComputer verified with some of the Twitter users listed in a small sample of data shared by the hacker that the private information (email addresses and phone numbers) is accurate.
(Via : Bleepingcomputer)
