bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts
Vulnerability allows users to link email addresses and phone numbers to accounts. 5.4 million Twitter users have been affected by the vulnerability. The vulnerability has been fixed, but users are still able to access their accounts. For confidential support call the Samaritans on 08457 90 90 90 or visit a local Samaritans branch, see www.samaritans.org for details.

The threat actor created profiles of 5.4 million Twitter users in December 2021. The threat actor then used this ID to scrape the public information for the account. At the time, the threat actor was selling the data for $30,000 and had told BleepingComputer that there were interested buyers.

Twitter says they cannot determine the exact number of people impacted by the breach. The company has begun to send out notifications this morning to alert impacted users about whether the data breach exposed their phone number or email address. "When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability," Twitter says.

No passwords were exposed in this breach. However, the threat actor claims to have used the flaw to gather the data of 5,485,636 Twitter users. Twitter is encouraging users to enable 2-factor authentication on their accounts to prevent unauthorized logins. For those using a pseudonymous Twitter account, the social media company suggests you keep your identity as anonymous as possible.
Posted by RU rumbleshark
Tap to Copy the Short Url to This Post:
bto.sh/wvhb64v4 
One-Stop Business News backed by Mark Cuban. Free to Use →