[…]
The short version of the latest drama is this: data stolen from Twitter more than a year ago found its way onto a major dark web marketplace this week. The asking price? The crypto equivalent of $2. In other words, it’s basically being given away for free. The hacker who posted the data haul, a user who goes by the moniker “StayMad,” shared the data on the market “Breached,” where anyone can now purchase and peruse it. The cache is estimated to cover at least 235 million people’s information.
[…]
According to multiple reports, the breach material includes the email addresses and/or phone numbers of some 235 million people, the credentials that users used to set up their accounts. This information has been paired with details publicly scraped from users’ profiles, thus allowing the cybercriminals to create more complete data dossiers on potential victims. Bleeping Computer reports that the information for each user includes not only email addresses and phone numbers but also names, screen names/user handles, follower count, and account creation date.
[…]
The data that appeared on “Breached” this week was actually stolen during 2021. Per the Washington Post, cybercriminals exploited an API vulnerability in Twitter’s platform to call up user information connected to hundreds of millions of user accounts. This bug created a bizarre “lookup” function, allowing any person to plug in a phone number or email to Twitter’s systems, which would then verify whether the credential was connected to an active account. The bug would also reveal which specific account was tied to the credential in question.
The vulnerability was originally discovered by Twitter’s bug bounty program in January of 2022 and was first publicly acknowledged last August.
[…]
Source: 200 Million Twitter Users’ Data for Sale on the Dark Web for $2
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft