According to website information Restore Privacya security bug twitter exploited by a hacker who succeeded Get information from 5.4 million users from the social network. The biggest problem is HEThe data is sold on a hacker forum for US$30,000 (about R$163,000 at current rates).
In January of this year, a HackerOne user posted a report on Twitter detailing the vulnerability. malicious people allowed to steal phone numbers and email addresses associated with accounts. Although the company has already fixed the problem, it seems that at least one hacker managed to steal the information.
According to HackerOne user zhirinovskiy, the bug was found in a social network authorization process on the Android version of Twitter. At the time, he also claimed that the stolen data could be sold by malicious people – apparently he got it right.
“This is a serious threat because not only are people finding users who are limiting their ability to be found by email/phone number, but any attacker with basic scripting/coding knowledge could rank a large portion of Twitter’s user base previously inaccessible. . enumeration (create a database with phone/email for username connections)”, said the user who found the error.
Sale of personal data
Last Thursday (21) a user of the popular hacker forum Breached Forums posted a message informing about the sale of data of 5.4 million Twitter consumers. Even the malicious person posted some samples of the data from the social network and charges $30,000 for all the information.
A few days after Zhirinovskiy’s post, Twitter acknowledged the error and awarded the user a $5040 bounty. So far, Twitter has not commented on the situation.
Source: Tec Mundo
