Hackers release millions of Twitter IDs and user data for free

A Twitter security flaw that allowed hackers to steal millions of user records was patched in August of this year, but that hasn’t stopped hackers from releasing that data online for free.

Twitter’s API once had a flaw that was so easily exploitable that hackers were able to capture the data of 5.4 million users. Now, according to user reports and notes on hacker forums, several million more user records are circulating on the Internet.

BleepingComputer said Monday that the 5.4 million user records, containing passwords, phone numbers, emails and more, could be the tip of the iceberg of a larger breach of company data. The data was originally taken from Twitter using a flaw in the platform’s application programming interface (API), but is now being shared openly online. As HackerOne summarized earlier this year, hackers had found a way to let anyone obtain a user’s Twitter ID by submitting a phone number or email to the system, even if the user had disabled that option in their account.

Twitter’s API and its detection settings were used in late 2021 to capture usernames, passwords, phone numbers and emails.

Twitter came clean about the original exploit in its API and the breach of millions of user IDs. At the time, the platform said it was notifying the users it could confirm were affected by the data breach. But anti-fascist and security researcher Chad Loder noted some evidence of the theft of additional information on a Mastodon profile around November 25. Loder told 9to5Mac last week that there were “multiple independent threat actors” obtaining information from the UK, some EU countries and parts of the US, mainly from late 2021. This second data set may include approximately 1.4 million more profiles.

A thread posted on BreachForums, AKA Breached, shared the original 5.4 million records for free last week, and the forum thread is still up. Gizmodo could not confirm the authenticity of the data, although the forum thread noted that an additional 1.4 million records of suspended accounts may still be circulating in private circles only.

The Breached post, which included a link to download the 5.4 million user records, was still active at the time of reporting.

However, it is still an open question how many of these accounts contain new information. LeakCheck, a cybersecurity password checker, noted in the same forum thread that only 12% of the emails found in what may be more than 500GB of data were new, that is, not found in previous leaks.

Gizmodo reached out to LeakCheck for confirmation, but we did not immediately hear back.

Thus, the account information of up to 7 million users or former users may be circulating on the internet. BleepingComputer also said it contacted a user named Pompompurin, the owner of Breached, who claimed to be the original hacker who exploited Twitter late last year. According to Pompompurin, the 1.4 million records were not supposed to be made public, although they were leaked anyway. BleepingComputer noted that the data may contain more than 17 million user records, far more than originally reported, although the exact number has not been legally determined.

Hackers on the Breached hacking forum originally collected the data for $30 million, but this latest report says the data is now available online for free. BleepingComputer noted that it gained access to 1.37 million leaked records for users in France. It has since confirmed with at least some of the users mentioned in the leak that their numbers are valid. The newest list may contain more phone numbers than those listed earlier this year.

Although Twitter has more than 200 million daily active users (and CEO Elon Musk claims user numbers are on the rise), a breach of 17 million would be one of the larger user data breaches, though not the largest by any means. A hacker previously stole the data of 100 million users from Capital One, and the hacker responsible was sentenced to five years of probation. LinkedIn dealt with 500 million user profiles being taken from its systems. Ride-hailing company Uber has suffered major user data breaches twice, one in 2016 and another just a few months ago.

Gizmodo reached out to Twitter, but Musk has apparently done away with Twitter’s press team, and we haven’t heard from the company in weeks.
