It turns out that Twitter, a company that currently has more than one big headache, has a pretty bad data breach on its hands. It could affect hundreds of millions of users and lead to major security issues for the platform, but despite its severity, it was easy to miss amid the deluge of other scandals and controversies plaguing the social media giant. However, if you use the bird app, this is a mess that definitely deserves your attention.
The short version of the latest drama is this: Data stolen from Twitter more than a year ago found its way this week onto a major dark web marketplace. The asking price? The crypto equivalent of $2. In other words, it’s basically being given away for free. The hacker who posted the data haul, a user known by the nickname “StayMad,” shared the data on the market “Breached,” where anyone can now buy and read it. It is estimated that the cache covers at least 235 million people’s information.
While many details are still missing on this ill-fated saga, we’ve put together a quick rundown of what you might need to know about Twitter’s security debacle, the latest in a long string.
What information was compromised?
According to several reports, the breached material contains the email addresses and/or phone numbers of approximately 235 million people, as well as the credentials users used to set up their accounts. This information was paired with details publicly scraped from users’ profiles, allowing cyber criminals to create more complete data dossiers on potential victims. BleepingComputer reports that the information for each user includes not only email addresses and phone numbers, but also names, screen names/usernames, follower count, and account creation date.
In short, anyone who purchases the Breached haul has the contact and partial login information for affected Twitter users. Not only is this a potential security issue for these accounts, but it’s also a serious invasion of privacy for anyone who doesn’t want random dark web jerks to have access to their contact information.
How and when did this happen?
The data that appeared on Breached this week was actually stolen in 2021. According to the Washington Post, cyber criminals exploited an API vulnerability in the Twitter platform to obtain user information associated with hundreds of millions of user accounts. This bug created a bizarre “lookup” feature that allowed anyone to enter a phone number or email address into Twitter’s systems, which would then verify that the credentials were associated with an active account. The bug would also show which specific account was associated with the credentials in question.
The vulnerability was originally discovered through Twitter’s bug bounty program in January 2022 and was first publicly acknowledged last August. In a blog post, the company said the bug was the result of an update to its code that took place in June 2021. At the time, the company informed users that it had “no evidence that anyone had exploited the vulnerability,” although it turns out they were dead wrong.
It’s unclear when exactly cyber criminals discovered this flaw and started exploiting it, but what we do know is that by the time the platform caught on, the hackers had already stolen data from a lot of people. However, the total amount of authentic information within the “Breached” haul is unknown. Analysts and journalists have tested parts of the data and found the accounts to be genuine.
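The lookup behaviour described above, modelled as an added example (not code from Twitter or from the original article): a leaky handler that confirms a match and names the account, beside a hardened one that answers uniformly and caps distinct lookups per client, plus a check that flags bulk enumeration in request logs. All names, the `discoverable` opt-in flag, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: contact identifier -> account record (hypothetical).
ACCOUNTS = {
    "alice@example.com": {"handle": "@alice", "discoverable": False},
    "+15550100": {"handle": "@bob", "discoverable": True},
}

def lookup_leaky(identifier):
    """Behaviour the article describes: confirms a match and names the account."""
    acct = ACCOUNTS.get(identifier)
    if acct is None:
        return {"status": 404, "body": "no account"}
    return {"status": 200, "body": acct["handle"]}

class HardenedLookup:
    """Honours an opt-in flag, answers uniformly, caps distinct lookups per client."""

    def __init__(self, max_distinct=3):
        self.max_distinct = max_distinct
        self.seen = defaultdict(set)  # client id -> distinct identifiers queried

    def lookup(self, client_id, identifier):
        self.seen[client_id].add(identifier)
        if len(self.seen[client_id]) > self.max_distinct:
            return {"status": 429, "body": "rate limited"}
        acct = ACCOUNTS.get(identifier)
        if acct and acct["discoverable"]:
            return {"status": 200, "body": acct["handle"]}
        # Identical reply for "no account" and "account exists but is private",
        # so the response cannot confirm that an identifier is registered.
        return {"status": 200, "body": None}

def enumeration_suspects(log, threshold=3):
    """Flag clients that queried more than `threshold` distinct identifiers."""
    per_client = defaultdict(set)
    for client_id, identifier in log:
        per_client[client_id].add(identifier)
    return sorted(c for c, ids in per_client.items() if len(ids) > threshold)
```
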
Who is behind the hack?
We don’t know. The identities of the cyber criminals behind the data breach are unknown, and it’s unclear if they have ties to a known hacking group or threat actor. The user who posted the 200M profile haul on Breached goes by the nickname “StayMad”, but little else is known about him. While we may not know who is responsible for the data breach, security experts have speculated that cyber criminals could use the stolen data to conduct a whole range of unsavory activities. Experts have assessed that the information could be used for account takeover attempts, phishing and harassment of affected users.
What has Twitter done about it?
As far as we can tell, Twitter has done almost nothing about the latest iteration of this data breach. After admitting the API bug last summer, the company hasn’t offered many updates or commented on the recent listing of user data for sale. Gizmodo reached out to the company on Thursday for comment on the “Breached” incident, but received no response. Twitter no longer has a PR department after Elon’s layoffs. We’ll update our story if the platform ever decides to address the security debacle.
What you can do
Unfortunately, there isn’t much you can do about it. Unless you buy and review the data yourself (not recommended), it’s not clear how you would verify whether you were affected. However, if you are concerned that your information has been exposed, one recommendation would be to burn any account credentials that may have been involved. An email address can easily be changed, but an exposed phone number is a bit more complicated. Phone numbers are less disposable than email, although you can always contact your carrier and request a phone number change if you’re concerned about your privacy. At the same time, you should change the email address and/or phone number associated with your Twitter account and use multi-factor authentication, which puts account security firmly in your hands (at least that’s how it should work).
https://gizmodo.com/twitter-elon-musk-hack-200-million-users-dark-web-1849953779 200 Million Twitter Users’ Data for Sale on the Dark Web for $2