2022-12-01 18:12

Cybercriminals started selling the user details of more than 5.4 million Twitter users on a hacking website in July this year after taking advantage of an API flaw that was made public in December 2021. Just as other researchers discovered a compromise affecting millions of accounts throughout the EU and US, a hacker just made this information available for free.

While the majority of the data was made up of publicly available details like Twitter IDs, names, login names, localities, and verified status, it also contained private details like phone numbers and email addresses. 

Security specialist Chad Loder was the first to reveal the story, but he was shortly suspended from the microblogging service. According to Loder, they contacted a sample of the impacted accounts and came to the conclusion that the information was accurate and the breach happened in 2021.

The information was first stolen from Twitter exploiting a vulnerability in the application programming interface API of the service, but it is now freely available online. Twitter was open about the initial user ID leak and API attack that affected millions of users. The platform claimed at the time that it was alerting users who they could verify had been affected by the data leak.

The data of 5,485,635 active Twitter users was exchanged freely on a hacking site on November 24. The initial 5.4 million data points were distributed for free in a thread that appeared on BreachForums last w

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: