Last week, a database appeared on the network, allegedly containing the personal data of 500…
Bleeping Computer reports that a hacker named devil, who put the data up for sale, claims that the dump contains information about various accounts, including celebrities, companies and random users.
The attacker confirmed to reporters that he used a vulnerability to collect the data in December 2021. The bug was first reported by Restore Privacy specialists. It was fixed at the beginning of January of this year, and a report about it can be found on HackerOne.
At the same time, devil emphasizes that he is not familiar with zhirinovskiy and that his exploitation of the vulnerability has nothing to do with the mentioned report on HackerOne. The hacker only confirmed that using an email address and a phone number, it was possible to determine whether that number or email address is associated with a Twitter account, and then get the ID of this account. Armed with this ID, devil apparently extracted the rest of the public data to build user profiles.
It is worth noting that in 2021, a dump containing information about 533,313,128 Facebook users was collected in a similar way.
Twitter has not yet officially confirmed the leak, but assured the media that it is already investigating what happened. At the same time, the company once again emphasized that the vulnerability discovered last winter was fixed long ago.
Bleeping Computer journalists independently checked the data of some Twitter users who appeared in the sample provided by the hacker. It turned out that the personal information (email addresses and phone numbers) is accurate.