Twitter's API once held such an easily exploitable flaw that hackers managed to grab 5.4 million user records. Now, according to news reports and mentions from users in hacker forums, there are several million more points of user data floating around on the internet.
BleepingComputer reported Monday that the 5.4 million user records containing passwords, phone numbers, emails and more may have been just the tip of the iceberg for a much larger breach of company data. The data had originally been stolen from Twitter using a flaw in the platform's application programming interface (API), but is now being shared openly online. As summarized at the start of this year by HackerOne, hackers found there was a way to allow anyone to get the Twitter ID of a user by submitting their phone number or email to the system, even if the user had turned off that option in their account.
Twitter came clean about the original exploit in their API and the breach of millions of user IDs. At the time, the platform said it was notifying users it could confirm were impacted by the data breach. But noted anti-fascist researcher and security nerd Chad Loder included some validation of an additional data theft on his Mastodon profile on November 25. Loder told 9to5Mac last week that there appeared to be "multiple threat actors, operating independently" taking data from the UK, some EU nations, and some parts of the U.S., mostly from late 2021. That second data set could include somewhere around 1.4 million more profiles.

Twitter's security flaw that allowed hackers to steal millions of user records had been patched in August this year, but that hasn't stopped hackers from releasing that data for free online. Photo: Sergei Elagin (Shutterstock)
A thread posted on BreachForums, AKA Breached, last week shared the original 5.4 million data points for free, and as of reporting that forum thread is still up and running. Gizmodo was unable to confirm the authenticity of the data, though the forum thread mentions the additional 1.4 million from suspended accounts may still be spreading only in private circles.
There is still a question, though, of how many of those accounts include new information. LeakCheck, a cybersecurity password checker, remarked on that same forum thread that perhaps only 12% of those emails found in the more than 500 GB of data were new, AKA that haven't been found in former leaks.
Gizmodo reached out to LeakCheck for confirmation but we did not immediately hear back.

Twitter's API and its discoverability settings had been exploited to grab the usernames, passwords, phone numbers, and emails in late 2021. Screenshot: Twitter
So that's up to 7 million users or former users who may have their account info floating around the internet. BleepingComputer also said it had contacted the user who goes by Pompompurin, the owner of Breached, who claimed to be the original hacker who exploited Twitter late last year. The 1.4 million records were not supposed to be public, according to Pompompurin, though it seems they've been leaked anyway. BleepingComputer noted the data could consist of over 17 million users' records, much more than what was originally reported, though the full number hasn't been officially identified.
Hackers on the Breached hacker forum had originally put up that data for $30 million, but this most recent report now says the data is up for free online. BleepingComputer noted it gained access to a 1.37 million portion of the leaked records for users in France. It has since confirmed with at least some of those users listed in the leak that their numbers were valid. There could be even more phone numbers in the newest listing compared to what was reported earlier this year.
Though Twitter has more than 200 million active daily users (even though chief executive officer Elon Musk is overly claiming those users are on the rise), a breach of 17 million would be one of the bigger user data breaches, though not the largest by any stretch. A hacker previously stole 100 million instances of user info from CapitalOne, and the hacker responsible was sentenced to five years of probation. LinkedIn has dealt with 500 million user profiles scraped from their systems. Ride hailing company Uber has experienced major hacks of user data twice, one in 2016 and another just a few months ago.

The post on Breached that includes a link to download the 5.4 million instances of user data was still active as of reporting. Screenshot: Breached
Gizmodo reached out to Twitter but in the age of Musk and the apparent end of Twitter's public press team, we have not heard back from the company in weeks.