Twitter data breach: exposed the data of 5.4 million accounts

2022-09-15

In late July 2022, Twitter confirmed that it had suffered a data breach, after a threat actor appeared in a popular underground forum selling the data of 5.4 million Twitter users. The microblogging platform was able to confirm that the breach occurred through a 0-day vulnerability in Twitter's systems. As a result of this security flaw, anyone submitting an email address or phone number to Twitter’s systems would be shown which account is associated with that email address or phone number. The bad actor responsible for the breach exploited this vulnerability and created a database of publicly scraped data.

 

Twitter's vulnerability

This vulnerability had already been identified by a user called 'zhirinovskiy' as part of the HackerOne bug bounty program in December 2021. The bug bounty program, launched by Twitter in 2014, enlists the hacker community to help organisations find and fix critical vulnerabilities before threat actors in the criminal landscape can exploit them. 'Zhirinovskiy' offered a detailed explanation of how the vulnerability could be exploited, and described it as a dangerous threat that even bad actors with low-level technical skills could take advantage of. It appears that Twitter rewarded 'zhirinovskiy' with a $5,040 bounty for the discovery.

After becoming aware of the vulnerability, Twitter investigated and fixed the bug, which seemed to have inadvertently originated following an update to the platform’s code in June 2021. According to Twitter, at the time there was no evidence that the vulnerability had been exploited. The company later confirmed that the bad actor must have taken advantage of the vulnerability before it was addressed and fixed.
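The flaw described above belongs to the class of account enumeration oracles: the response to a submitted email address or phone number reveals which account it belongs to. The following is an added example, not Twitter's code; it contrasts a leaking lookup with a hardened one that answers identically for every identifier and caps the distinct identifiers one client may submit. All names, limits and sample data are hypothetical.

```python
import time
from collections import defaultdict, deque

# Constructed sample data (hypothetical): identifier -> account handle.
ACCOUNTS = {"alice@example.com": "@pseudonym_a", "+15550100": "@pseudonym_b"}


def vulnerable_lookup(identifier):
    """Leaks: the response differs for registered identifiers and names the account."""
    account = ACCOUNTS.get(identifier)
    if account:
        return {"status": "found", "account": account}
    return {"status": "not_found"}


class HardenedLookup:
    """Uniform response, plus a cap on distinct identifiers per client per window."""

    def __init__(self, max_distinct=3, window_s=60.0):
        self.max_distinct = max_distinct
        self.window_s = window_s
        self._seen = defaultdict(deque)  # client -> deque of (timestamp, identifier)
        self.outbox = []                 # out-of-band notifications, never returned

    def _throttled(self, client, identifier, now):
        q = self._seen[client]
        while q and now - q[0][0] > self.window_s:  # drop entries outside the window
            q.popleft()
        distinct = {ident for _, ident in q}
        if identifier not in distinct and len(distinct) >= self.max_distinct:
            return True
        q.append((now, identifier))
        return False

    def lookup(self, client, identifier, now=None):
        now = time.monotonic() if now is None else now
        if self._throttled(client, identifier, now):
            return {"status": "rate_limited"}
        account = ACCOUNTS.get(identifier)
        if account:
            # The account owner is contacted out of band; the caller is told nothing.
            self.outbox.append(account)
        return {"status": "accepted"}
```

A per-client cap only slows enumeration when clients can be identified reliably; the uniform response is what removes the oracle.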

In July 2022, a user going by the moniker 'devil' advertised, in a post on an underground forum, the data of 5.4 million Twitter users, including information on the accounts of celebrities and major companies. The owner of the underground forum verified and confirmed the authenticity of the data, which included verified phone numbers and email addresses, in addition to scraped public information including follower count, screen name, location, picture URL and login name. According to cybersecurity researchers, the threat actor was offering the data for sale for no less than $30,000. In a later conversation, the threat actor disclosed that the data had been sold to two bad actors for less than the previously mentioned price. Following the natural lifecycle of stolen data, the compromised data will most likely appear for free on other underground forums once the sales possibilities have been exhausted.

 

The risk to privacy

While the data breach does not expose passwords or financial information, it still poses a significant threat to Twitter users’ privacy. The security breach is especially worrying for the pseudonymous accounts of users who wish to keep their identity private on the platform. According to recent estimates, around 25% of the Twitter accounts of its over 300 million users are pseudonymous or partially anonymous. In a public statement, Twitter recognised the concerns raised by this privacy breach, highlighting how users with pseudonymous accounts could be targeted by state or other actors. This is especially worrying for users who could face persecution in oppressive regimes, as well as for whistle-blowers, activists, and political opposition, who decided not to disclose their identities on the platform for security reasons. The breach also presents a risk to members of ethnic, religious and sexual minority groups, whose identity could now be revealed to the general public without their consent. The breach also poses the risk of spearphishing attacks to the users of the affected accounts.

Twitter disclosed that it was in the process of alerting users who were affected by the data breach. However, the microblogging platform recognised that it will not be able to determine and confirm every account that was impacted. The company encouraged users to enable 2-factor authentication as a security measure. It also suggested that users who wish to remain anonymous not link publicly known phone numbers or email addresses to their Twitter accounts.

The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.

