Twitter Data Breach Exposes Contact Details for 5.4M Accounts, on Sale for $30K (9to5mac.com)
9to5Mac reports:
A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted.
The data — which ties Twitter handles to phone numbers and email addresses — has been offered for sale on a hacking forum, for $30,000...
There is as yet no way to check whether your account is included in the Twitter data breach.
More details from the Restore Privacy security news site: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database allegedly acquired from this exploit is now being sold on a popular hacking forum, posted earlier today.... The seller on the hacking forum goes by the username "devil" and claims that the dataset includes "Celebrities, to Companies, randoms, OGs, etc."
You, Random user! (Score:5, Insightful)
We take great pains to do this.
Meanwhile, those who we entrust these details to, not so much.
Re: (Score:2)
"True. But ... why would you give your phone number to Twitter?"
You don't. That's why they sell empty sim-cards on ebay.
Re: (Score:1)
Nice FP, but hey, as long as they're making a profit, it's all good.
Now you just have to convince me that Twitter has EVER made a profit. Or that the share prices have ANY relationship to reality. Down to two decimal places? In a flying pig's eye.
Gosh, I hope Musk loses a LOT of money for his stupid head games with Twitter. I don't like gamblers, even lucky ones, and that's all I think Musk really is. He's not an idiot, but all of his supposedly original ideas are old ideas, mostly from old SF. If he has an
Spend $30k (Score:3)
Buy it. That will tell you if your account is in there.
Re: (Score:2)
Buy it. That will tell you if your account is in there.
Nah, there's usually better deals on data breaches as we get closer to Black Friday. You wouldn't want to overpay in this economy.
Re: (Score:2)
Nah, there's usually better deals on data breaches as we get closer to Black Friday. You wouldn't want to overpay in this economy.
I usually watch the paper for coupons.
Re: (Score:3)
It came from the NIST's attempt to standardize terminology used to describe cybercrime in NIST SP 800-150.
Re: "Threat actor" (Score:2)
Re: (Score:2)
Mod parent up- Informative.
It describes the action or activity (threat) and the source (actor).
The reason that a lot of the cybercrime analyses sound like they've been written by the same person is because they're using a standardized language with defined terms, kind of like Simplified Technical English: https://asd-ste100.org/
Oh noes (Score:1)
My spam e-mail address possibly leaked and it might get more spam now? The horror. People actually sign up for things like Twitter using their main accounts? This is why throwaway e-mail addresses and Google Voice numbers exist, people.
Re: (Score:2)
Re: (Score:2)
No defense when someone you know gets pwned. Sad reference to We Are Anonymous about the crazy abuses of anonymity. Even worse when it's for LULZ rather than cash?
Re: (Score:2)
Last time I checked, Twitter didn't accept Google Voice numbers. I must have 15 VoIP phone numbers, none of them worked with Twitter either. It seems like you need a phone number from a real cellular provider. YMMV.
A lot of money but not a bad deal (Score:3)
With that database you could set up a darknet site that sells records starting at $100 in cryptocurrency per user (scaling up with follower count), at that price it would take at most 300 sales to break even, which should happen within a week from the deluge of requests from smaller authoritarian governments. You could also offer to take a larger payment proportional to the user's twitter following to block access to the user's records permanently. Some more people would get Khashoggi'd as a result of this, but you don't make that kind of money doing honest work...
Oh no (Score:2)
Goddammit, there's another breach I missed out on by not having a Twitter account. :(
Re: Oh no (Score:2)
Bot list for sale (Score:2)
That's a lot of money for a list of bots!
Phone Number (Score:2)
Ha, I just realized Twitter stopped pestering me for a phone number about six months ago.
The weird thing is I gave it to them c. 2008 because it was a web to sms gateway. I guess they lost it at some point. Further inspiring.