A Vulnerability in Twitter’s databases that allowed hackers group access to the personal data of 5.4 million Twitter users, has been patched. The report analysis said that the stolen data is up for sale at a $30,000 price.
On Friday Twitter reported that a team of researchers has found that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform.
“This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter reported.
In January 2020, various cyber security news platforms published a story on Twitter’s vulnerability that allowed hackers and other malicious actors to access sensitive data including phone numbers and email addresses of millions of users, leaving it susceptible to being accessed by anyone.
What's even more threatening is that the data details could be accessed even if a user had enabled privacy settings to hide these details publicly.
"As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the company said in an advisory.
When vulnerabilities in the system are not discovered by the software or hardware manufacturer remain, they remain a potentially hazardous threat. In most incidents, zero-day vulnerabilities are noticed by security experts like white-hat hackers, and security analysts inside tech companies. The essential thing to be noted about a zero-day is that there is no patch or update yet created for it, so long as it remains zero-day.
Twitter said that the company has started notifying users affected by the attack and urging its users to turn on two-factor authentication to protect data against unauthorized logins.
