Twitter bug let hack get data of 5.4 million users, up for sale for $30,000: Report
A vulnerability in Twitter’s databases has led hackers get access to the personal data of 5.4 million users. This data, as per reports, is up for sale at a price of $30,000 or Rs 23.96 lakhs.
HackerOne, back in January this year, had reported that a Twitter vulnerability left personal data, which includes users’ phone numbers and email address, of millions of users susceptible to be accessed by anyone. In essence, the vulnerability anyone to enter a phone number or email address and then find the associated twitterID. What’s concerning is that these details could be accessed even if a user had enabled privacy settings to hide these details publicly.
“The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibitted this action in the privacy settings. The bug exists due to the process of authorisation used in the Android Client of Twitter, specifically in the procces of checking the duplication of a Twitter account,” user who goes by the name “zhirinovksiy” on the platform had written in a post. In the post, the user had also described the steps for getting proof-of-concept or in other words, how the vulnerability could be replicated.
Twitter had acknowledged the vulnerability as a “valid security issue” at the time. It had also awarded the researcher a bounty of $5,040 or Rs 4.02 lakh.
The micro-blogging platform has patched the bug since then. However, a hacker exploited the vulnerability while it was still active on Twitter and now they are demanding $30,000 for giving access to the database.
As per a report by Restore Privacy (via 9To5 Mac), the hacker is selling the Twitter database on Breached Forums. The report also says that the post by the username “devil” is still live on the platform and it alleges that the dataset includes “Celebrities, to Companies, randoms, OGs, etc.”
The malicious hacker has also shared a sample data from the database on Breached Forums, which has been independently verified by the publication.
Twitter is yet to comment on the matter.
The post Twitter bug let hack get data of 5.4 million users, up for sale for $30,000: Report appeared first on BGR India.