Twitter says recently leaked user data is from 2021 breach (Security Affairs)
Twitter confirmed that the recent leak of members’ profile information was a result of the 2021 data breach that was disclosed in August 2022.
Twitter confirmed that the recent data leak of millions of profiles was a result of the 2021 data breach that the company disclosed in August 2022.
In late July, a threat actor leaked data on 5.4 million Twitter accounts obtained by exploiting a now-fixed vulnerability in the popular social media platform.
The threat actor offered the stolen data for sale on the popular hacking forum Breached Forums.
The seller claimed that the database contained data (i.e., emails and phone numbers) on users ranging from celebrities to companies. The seller also shared a sample of the data as a CSV file.
In August, the company confirmed that the data breach was caused by the now-patched zero-day bug, which had been submitted by zhirinovskiy via the bug bounty platform HackerOne; the researcher received a $5,040 bounty.
“We want to inform you of a vulnerability that allowed someone to enter a phone number or email address in the login flow in an attempt to determine if this information was associated with an existing Twitter account, and if so, which specific account,” reads Twitter’s advisory. “In January 2022, we received a report through our bug bounty program of a vulnerability that allowed someone to identify the email or phone number associated with an account, or if they knew a person’s email or phone number, they could identify its Twitter account, if it existed,” the social media company continues.
“This bug came from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At the time, we had no evidence to suggest that anyone had exploited the vulnerability.”
In November, the website 9to5mac.com claimed that the data breach was worse than first reported by the company. The website reports that multiple threat actors exploited the same flaw, and the data available in the cybercrime underground has different sources.
“A massive Twitter data breach last year, which exposed more than five million phone numbers and email addresses, was worse than first reported. We have been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by multiple sources,” reads the post published by 9to5mac.com.
9to5Mac’s claims are based on the availability of a data set that contained the same information, in a different format, offered by a different threat actor. The source told the website that the database was “just one of a number of files they have seen.” It appears that the affected accounts are only those that had the “Discoverability | Phone” option (which is difficult to find in Twitter’s settings) activated at the end of 2021.
The archive seen by 9to5Mac includes data belonging to Twitter users in the UK, almost all EU countries and parts of the US.
“I have obtained several files, one per phone number country code, which contain the phone number <-> Twitter account name pairing for the entire country’s phone number space from +XX 0000 to +XX 9999,” the source told 9to5Mac. “Any Twitter account that had Discoverability | Phone option activated at the end of 2021 was listed in the data set.”
The experts speculate that several threat actors had access to the Twitter database and combined it with data from other security breaches.
The security researcher behind the account @chadloder (which Twitter suspended following the disclosure of the news) told 9to5Mac that “the email-twitter pairings were derived by running existing large databases of 100 million+ email addresses through this Twitter vulnerability.”
The researcher told the site that they had tried to contact Twitter for comment, but the company’s entire media team had left.
The company has now shared the results of the investigation carried out by its Incident Response Team.
“In November 2022, some press reports published that Twitter users’ data had allegedly been leaked online,” reads the update provided by the company. “As soon as we became aware of the news, Twitter’s Incident Response Team compared the data in the new report with data reported by the media on July 21, 2022. The comparison showed that the exposed data was the same in both cases.”
The company pointed out that no passwords were exposed, but encourages users to enable two-factor authentication using authentication apps or hardware security keys to protect their accounts from unauthorized logins.
“We also encourage Twitter users to be extra vigilant when receiving any kind of communication via email, as threat actors can exploit the leaked information to create highly effective phishing campaigns,” the advisory concludes. “Be wary of emails that give a sense of urgency and emails that ask for your private information, always double-check that emails are coming from a legitimate Twitter source.”
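The comparison Twitter describes, checking whether a newly reported dump is a re-release of an already-known data set that may be circulating in a different format, is a routine incident-response task. The following added example (not Twitter's code; both data sets are small constructed samples, and the field names are assumptions) normalizes records from a CSV and from a JSON-lines file, reduces each (identifier, handle) pair to a digest so the comparison can run over a list of hashes rather than the raw personal data, and reports how much of the new report was already known.

```python
"""Compare a newly reported leak against a known data set by normalized record digests (constructed example)."""
import csv
import hashlib
import io
import json
import re

# Constructed sample of the previously reported data set (CSV format).
KNOWN_LEAK_CSV = """email,phone,handle
Alice@Example.com,+1 555 555 0100,@alice
bob@example.com,,@bob
,+44 20 7946 0000,@carol
"""

# Constructed sample of the new report (same information, different format).
NEW_REPORT_JSONL = """{"identifier": "alice@example.com", "account": "alice"}
{"identifier": "+442079460000", "account": "carol"}
{"identifier": "bob@example.com", "account": "bob"}
{"identifier": "+15555550199", "account": "dave"}
"""


def normalize_identifier(value: str):
    """Lower-case emails; reduce phone numbers to '+' plus digits. Returns None for empty values."""
    value = (value or "").strip()
    if not value:
        return None
    if "@" in value:
        return value.lower()
    digits = re.sub(r"\D", "", value)
    return "+" + digits if digits else None


def normalize_handle(handle: str) -> str:
    return handle.strip().lstrip("@").lower()


def record_key(identifier: str, handle: str) -> str:
    """Digest of one (identifier, account) pairing; the plaintext need not be retained for the comparison."""
    return hashlib.sha256(f"{identifier}|{handle}".encode()).hexdigest()


def keys_from_csv(text: str) -> set[str]:
    keys = set()
    for row in csv.DictReader(io.StringIO(text)):
        handle = normalize_handle(row["handle"])
        for column in ("email", "phone"):           # a row with both yields two pairings
            identifier = normalize_identifier(row[column])
            if identifier:
                keys.add(record_key(identifier, handle))
    return keys


def keys_from_jsonl(text: str) -> set[str]:
    keys = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        identifier = normalize_identifier(obj["identifier"])
        if identifier:
            keys.add(record_key(identifier, normalize_handle(obj["account"])))
    return keys


def compare_leaks(known_keys: set[str], new_keys: set[str]) -> dict:
    """How much of the new report is already covered by the known data set."""
    overlap = known_keys & new_keys
    return {
        "new_total": len(new_keys),
        "already_known": len(overlap),
        "previously_unseen": len(new_keys - known_keys),
        "fraction_known": len(overlap) / len(new_keys) if new_keys else 0.0,
    }


if __name__ == "__main__":
    stats = compare_leaks(keys_from_csv(KNOWN_LEAK_CSV), keys_from_jsonl(NEW_REPORT_JSONL))
    print(stats)
```

A `fraction_known` near 1.0 supports the "same data, re-packaged" conclusion; the `previously_unseen` count is what tells an IR team that a new report may carry records from a different source or a different exploitation window and deserves its own investigation.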