A vulnerability has been exploited in Twitter’s Android client that was discovered and patched in January, and the account details of 5.4 million users are up for sale. In a famous hacker forum broken forums The user “Satan” offers a group of 5,485,636 accounts. It will contain the accounts of celebrities, companies and regular users. The user also provides a sample. according to RestorePrivacywho checked the sample, charges the user at least $30,000 for the dataset.
The leak was discovered on January 1 by user zhirinovskiy. The vulnerability could allow an attacker to read data associated with a Twitter account, such as an email address and phone number, even if it should be hidden via privacy settings. The discoverer classified the leak as dangerous and immediately took it to Twitter. An attacker with basic programming and programming skills can search the Twitter user database and generate a list of Twitter account names with the hidden data. This database – as it is now for sale – can be used to track attacks on those affected. A cybercriminal can link all kinds of data together and try to hack other services or harm users through direct access.
Twitter confirmed the vulnerability on January 6 and paid a bounty of $5,040. On January 13, the leak was fixed and zhirinovskiy confirmed that the problem had been resolved. Twitter has a profile support page In case you suspect that your account has been hacked, but there are no suggestions for this situation yet.
