Twitter hacker is asking $30,000 for the information of over 5.4 million users, including companies and celebrities.
According to a recent allegation, a hacker is selling a set of 5.4 million users’ account information for $30,000 after exploiting a security flaw in Twitter that was first identified in early 2022. Many Twitter users are reported to have been victims of a significant data breach resulting from a serious security issue discovered on the website earlier this year. The security hole was discovered in January when “zhirinovskiy,” a user on HackerOne, pointed out that Twitter was open to hackers looking to steal information for malevolent purposes.
According to RestorePrivacy, the compromised data that is currently for sale stems from the flaw that was discovered in January 2022. The microblogging platform admitted that there was a real security risk and even offered the finder, “zhirinovskiy,” a $5,040 reward. Sven Taylor of RestorePrivacy stated that “just as HackerOne user zhirinovskiy described in an early January report, a threat actor is currently purportedly selling data obtained from this vulnerability.” The Twitter database, supposedly covering 5.4 million users, is for sale, and the post is still active.
Zhirinovskiy explained at the time how the issue could be used and said it posed a “severe threat” even in the hands of individuals with “minimum knowledge” of scripting and coding. Twitter acknowledged the issue five days later and seemed to have resolved it a week later, when it offered zhirinovskiy a $5,040 payment for alerting the company to the vulnerability and sale.
RestorePrivacy reports that despite the repair, millions of users’ phone numbers and email addresses, including those of celebrities, businesses or companies, regular users, and those with covered handles, appear to have been accessed and are currently being sold via a post on the dark web forum called Breached Forums. According to RestorePrivacy, a seller going by the moniker “devil” is requesting at least $30,000 and claims that the data set contains “Celebrities, Companies, randoms, OGs, etc.”
The seller posted information about the data on the Breached Forums website, and the forum’s owner reportedly confirmed the validity of the leak, RestorePrivacy reports. The posting on Breached Forums contains a sample of the data that is available. Along with the phone numbers and/or email addresses used for logging in, it appears to display information from Twitter profiles that is accessible to the general public.
According to a Twitter spokesman, the company learned about this issue several months ago through its bug bounty program, looked into it carefully right away, and then addressed the vulnerability. The spokesman further stated that Twitter was examining the most recent information to confirm the veracity of the allegations and guarantee the security of the impacted accounts.
In what some experts claim to be the biggest data breach in history, Breached Forums, a hacking community, leaked 23 terabytes of data from 1 billion Chinese citizens. The hacker tried to sell the database for 10 Bitcoin, which is currently worth $202,000. Other major companies and IT firms have seen worse breaches, such as T-Mobile, which had 76.6 million users’ data compromised in a hack last year, and AT&T, which saw an attack that had a 70 million user impact.
Users who learned about the Twitter hack have expressed dissatisfaction that Norton and LifeLock were their only sources of information about it. The hack occurs only weeks after Elon Musk revealed plans to cancel his $44 billion purchase of the social media site, citing, among other things, Twitter’s inability to demonstrate that bots make up less than 5% of its user base.