Date: 2022-07-25

For seven months, a vulnerability in Twitter that seemed to grant access to highly relevant data has been public knowledge. Nothing more had been heard of it since January until today, when a hacker is reported to have accessed the data of 5.4 million users, including their emails and phone numbers.

This hacker has put the information up for sale on an online forum under the username “Devil”. In his post he claims to have the data of 5,485,636 users, which includes both ordinary users and accounts such as celebrities or large companies.

A 7-month-old vulnerability was exploited

So far, Twitter has given few details, other than that it has opened an investigation to clarify how the servers were accessed. As mentioned above, it is striking that access was gained through a vulnerability that had been known for seven months and that, in theory, had been patched.

This bug made it possible to extract the email and phone number of any account via the Android client in a really simple way. Before this publication, Twitter managed to patch it and even granted a high reward to the user who had published it, known as zhirinovskiy.





Two scenarios arise in this case: either the vulnerability was not correctly patched, or the information was stolen in January and has not been published until today. What seems certain, according to various experts, is that the information held by this hacker is completely real and is now waiting for a new owner.

Currently, anyone who wants to get hold of the data for this large number of accounts will have to pay a total of $30,000, exactly the same as when millions of Chinese data records were sold for 10 BTC. However, we will have to wait for Twitter to comment and give more information about this massive leak.

Via | RestorePrivacy