Over 5 Million Accounts Affected in Recent Twitter Hack

Email addresses and phone numbers of the associated accounts have been leaked

Well, it’s almost like every other day Twitter is hit with a hack. But this time, your data could have been compromised too. Recently a hacker was able to exploit a vulnerability in Twitter, which gave him access to millions of email addresses and phone numbers associated with Twitter accounts.

Twitter acknowledges the vulnerability, source – RestorePrivacy

Back in January 2022, Twitter received a report through its bug bounty program about a potential vulnerability. This is exactly what was exploited recently, and it pertains to accounts where people had submitted an email address or phone number to Twitter’s systems. Twitter quickly patched it at the time, but had no knowledge of misuse in the wild. They were first notified of the leak last month and, after reviewing the data, Twitter has now officially confirmed the leak.

RestorePrivacy was also able to talk to the hacker in question, and he explained that the data was collected in December 2021, which is before the vulnerability was patched. The hacker is also looking to sell the entire leaked database of 5.4 million users for $30,000. The contents, though, are very random and include celebrities, companies, individuals, random accounts and more.

This is a serious threat, as people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections). Such bases can be sold to malicious parties for advertising purposes, or for the purposes of targeting celebrities in different malicious activities.

HackerOne Report on the Vulnerability

Twitter will directly inform the users affected by the vulnerability, although they don’t have a confirmation on the actual accounts in the database yet. While this isn’t an overtly personal leak, like with passwords, this can still affect people by way of phishing or more sophisticated attacks. 

You can read more about the exact nature of the vulnerability here

Indranil Chowdhury