Twitter admits 2022 data leaks exploit same vulnerability — how to stay safe


Twitter today confirmed that the November user data breach, which leaked millions of users’ profile details such as emails and phone numbers, used the same vulnerability as July 2022’s leak.

A security update from Twitter details the earlier July 2022 data breach along with the recent November 2022 leak of users’ data. Twitter’s Incident Response Team compared the data reported by the media on July 21, 2022, with the November breach and concluded that “the exposed data was the same in both cases.”

As Twitter confirmed in August 2022, a Twitter vulnerability led to a hacker obtaining account data of 5.4 million users, and the stolen information, which was claimed to include email addresses and phone numbers, went up for sale for at least $30,000. Twitter acknowledged this bug as a “valid security issue” back in January 2022, awarding user zhirinovskiy a $5,040 bounty for discovering it, and the bug has since been patched.

Post of Twitter Hacker selling data (via Restore Privacy) (Image credit: Restore Privacy)

However, the threat actor, known as “devil,” apparently used this exploit to sell millions of users’ data, which is said to “range from Celebrities, to Companies, randoms, OGs, etc.”

As reported by BleepingComputer, in November 2022, another hacker released a JSON file that contained the 5.4 million records. However, another researcher spotted a new set of Twitter profiles that were scraped using the same vulnerability and that was not the same as the 5.4 million from July 2022. Apparently, the data set contained 17 million user profiles.

“In November 2022, some press reports published that Twitter users’ data had been allegedly leaked online,” Twitter’s security update states. “As soon as we became aware of the news, Twitter’s Incident Response Team compared the data in the new report to data reported by the media on 21 July 2022. The comparison determined that the exposed data was the same in both cases.”

The cybersecurity news site sampled a data set containing 1.4 million accounts and even contacted Twitter users to confirm if the leaked phone numbers were valid. Unfortunately, they are. This means the exploit spotted in January 2022 is still having effects, and Twitter hasn’t confirmed the number of exposed users from the breach.

Start using two-factor authentication




