The account details of around 5.4 million Twitter users were viewed by an individual using a security exploit, who then listed the information for sale on a hacking forum.
The exploit allowed a malicious actor to acquire email addresses and phone numbers linked to Twitter accounts, regardless of users’ privacy settings. This vulnerability was specific to Twitter on Android and has since been resolved. Twitter recently acknowledged the security issue, stating that it took action following a bug report in January 2022.
However, it appeared that someone took advantage of the issue before it was fixed and bided their time. In July 2022, a BreachForums user claimed on the hacking forum they had data on over 5.4 million users including “celebrities” and “corporations”. Further investigation revealed that the user’s claim was legitimate and that he was asking for no less than US$30,000 in exchange for the data.
In response to the potential sale of user data, Twitter has announced that it will directly notify account holders confirmed to be impacted. The social media company added that it could not confirm all of the accounts involved and was “particularly mindful of people with pseudonymous accounts”. Twitter also reiterated the importance of enabling 2-factor authentication as an additional security measure, but assured users that no passwords were exposed.
On the two-factor front, Twilio recently suffered a data breach. Employees of the company behind the Authy two-factor authentication app were the victims of a phishing scam in which they were tricked into visiting a fake Twilio login page. As a result, 1,900 Signal users are also affected.
If you’re worried about being involved in a data breach, it’s worth visiting Have I Been Pwned. It is a trusted site that notifies you of known breaches on many major websites. You can even receive notifications when your information is found in a breach, serving as a good reminder to change passwords or close unused accounts.
LinkedIn was a major target for phishing attempts earlier in the year, so remember to take all digital security precautions. If you are unsure of a questionable link, do not click on it; enter the URL manually instead. Scamwatch is also a good resource to know what to look for locally.