In January, we learned that a Hacker had exploited a vulnerability in the Android app of Twitter and offered stolen user data for sale on the hacking forum Breached Forums. Hacker had claimed that the vulnerability could be used to discover Twitter accounts by their associated email or phone number. We will examine the implications of this leak. To understand the implications of the leak, we should look at what the data might mean to your business.
Hacker exploited a bug in Twitter’s Android app
A recent security breach has left millions of Twitter accounts vulnerable to exploitation. A bug in the Android app allows anyone to access the personal information of Twitter users, including phone numbers, email addresses, and account names. The vulnerability was discovered in January and quickly fixed, but Twitter didn’t believe that personal information had been compromised until July. After the bug was reported, Twitter suspended several accounts whose personal information was accessed without their knowledge.
Hacker leaked a sample of the data
A Hacker has leaked a sample of Twitter data. Hackers broke into Twitter’s internal tools and downloaded data for 52 accounts. The information includes public profile information, email addresses and phone numbers tied to the Twitter accounts. Although the data does not include the passwords for the accounts, a bad actor could use it to change or retrieve passwords. However, Twitter has responded by checking the matter and attempting to contact the account owners.
Hacker sold the data on a dark web site
A hacker has sold the passwords of millions of Twitter users on a dark web site. The hacker has reportedly been paid $5,040 for his services. Despite this, Twitter is likely not hacked – users’ saved usernames and passwords were probably sent to a malicious website through phishing or other means. Besides that, Twitter probably has no idea that such information is being sold.
Impact of the tweets
The leak happened on April 11, when hackers accessed internal Twitter tools to generate YTD requests from seven accounts, among 52 compromised. Upon discovering the data leak, Twitter contacted the account owners and blocked them. Unfortunately, none of the seven accounts was verified. It is not yet known how many other Twitter users were affected. However, the attack is a reminder that Twitter needs strong leadership to protect its users. While the data leak is unfortunate, it is not an insurmountable obstacle to enhancing its security.
Steps taken by Twitter to protect users
Twitter is taking steps to prevent users from becoming victims of a security incident. A bug in its support system allowed users to reveal their email addresses and country code. Twitter notified users that their passwords had been unencrypted in an internal log. Twitter is encouraging users to change their passwords, but it is unclear whether this will deter cyber-criminals. Despite the breach, Twitter says it is still investigating the case.