Attacker gains access to 5.4 M Twitter account details through data breach
An attacker got access to the contact details of 5.4 M Twitter accounts after a data breach. Twitter confirmed the security vulnerability that led to the extraction of the data.
The attacker has put the data on sale on a hacking forum for $30,000. This data ties Twitter handles to phone numbers and email addresses.
Reports by Restore Privacy state that a vulnerability discovered back in January facilitated this breach.
The owner of the hacking forum confirmed the authenticity of the attack. Restore Privacy also cross-checked the two database samples and confirmed that they matched.
The seller, on being contacted by the privacy site, mentioned that the price of the database is $30,000.
HackerOne covered this security vulnerability back in January. The vulnerability allowed anyone to enter a phone number or email address and find the associated Twitter ID. Although this is just an internal identifier, it can be converted into a Twitter handle.
It is also possible that the attacker obtained phone numbers and email addresses from existing databases of other breaches and used these details to look up the corresponding Twitter IDs.
At present there is no way for us to check whether our account is included in the Twitter data breach. Phishing attacks include messages that say our account is at risk of deletion, or that attach fake receipts for a high-value purchase, together with a link. The safeguard is to not click on such links if they seem suspicious.