For Sale: 5.4m Twitter Users’ Data

A criminal using the pseudonym ‘devil’ has built a Dark Web database containing the personal information of 5.4 Twitter users’ data and has listed the information for sale on a criminal forum, according to security researchers. The user database is currently for sale on the Breached Forums website for $30,000. 

The seller says they have used a vulnerability in Twitter systems reported in January and also claims that the information included is phone numbers and email addresses, including that of celebrities and companies.

The hacker claims to have exploited a vulnerability first reported by a HackerOne user. The bug allowed an attacker to find a Twitter user’s phone number and email address, even if the user had them hidden in privacy settings. 

The attacker explained how to exploit the bug in their HackerOne report and Twitter removed the bug within five days, but even this may have given attackers a lot of time to take criminal advantage.  

"We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability... As always, we're committed to protecting the privacy and security of the people who use Twitter. We're grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this." a Twitter spokesman told reporters.

 Twitter users have taken to the platform to complain that the company did not notify its users of the breach.

Security Affairs:      Infosecurity Magazine:       Oodlaoop:    Masterjtips:     The Register

You Might Also Read: 

Twitter Fined $150m For Selling User Data:

 

« Over One Hundred Arrests In Business Email Compromise Swoop
Mercenary Hacking Group Selling Spyware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Fredda Stanza

Fredda Stanza

Fredda Stanza specialize in Information Security and Forensics Consulting.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Smoothwall

Smoothwall

Smoothwall develop intelligent web filtering, Monitoring and security solutions designed to protect users worldwide.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

Mobilicom

Mobilicom

Mobilicom is an end-to-end provider of cybersecurity and smart solutions for drones, robotics & autonomous platforms.

NexusTek

NexusTek

NexusTek is a managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.