The security hole on Twitter that allowed for the theft of millions of user details was closed in August of this year, but that hasn’t prevented hackers from making the information available online for free.
Hackers were previously able to obtain 5.4 million user credentials because of a weakness in Twitter’s API that was simple to exploit. According to reports and remarks from users in hacker forums, many millions of additional user data points are now floating around on the internet.
According to a report published on Monday by BleepingComputer, the 5.4 million user records that contained passwords, phone numbers, emails, and other personal information may have only been the beginning of a far wider data breach at the corporation.
The information was first stolen from Twitter through an application programming interface (API) bug, but it is now freely available online.
As described at the beginning of this year by HackerOne, hackers discovered a technique that let anybody obtain a person’s Twitter ID by submitting their phone number or email to the system, even if the user had disabled that option in their account.
Twitter was open about the initial user ID leak and API attack that affected millions of users. The site said at the time that it was alerting users whom it could verify had been affected by the data leak.
However, on November 25, renowned anti-fascist researcher and security whiz Chad Loder posted some evidence of a second data theft on his Mastodon page.
Last week, Loder told 9to5Mac that it looked like “several threat actors, working independently” were stealing data from the UK, some EU countries, and some regions of the US, mostly starting in late 2021.
It’s possible that the second data collection contains an additional 1.4 million profiles.
The original 5.4 million data points were distributed for free in a thread that appeared on BreachForums, also known as Breached, last week. At the time of writing, the discussion was still active.
Although the forum discussion indicated that the extra 1.4 million records from suspended accounts may still be circulating exclusively in secret circles, the Kumericanews.net IT team was unable to verify the figures.
It is still unclear how many of those accounts include brand-new information. Only 12% of the emails revealed in the more than 500GB of data were new, meaning they hadn’t been discovered in earlier dumps, according to LeakCheck, a cybersecurity password tester.
The data was first offered for $30 million by hackers on the Breached hacker site, but according to the most recent report, it is now freely available online. BleepingComputer says it was able to access 1.37 million of the stolen records.
Since then, it has verified the phone numbers with at least some of those users. Compared with the listing that was displayed earlier this year, the most recent one may contain even more phone numbers.
A breach of 17 million users would be one of the major user data breaches, albeit by no means the largest, even though Twitter has more than 200 million daily active users (despite CEO Elon Musk’s exaggerated assertion that those users are on the rise).
Previously, a hacker stole 100 million customer records from CapitalOne, and the offender was sentenced to five years of probation.
LinkedIn had to deal with 500 million user profiles that were scraped from its servers. Uber, a ride-hailing corporation, has twice had significant thefts of customer data, once in 2016 and again just a few months ago.