Twitter data of 5.4 million users is for sale for $30,000

A Twitter security flaw discovered in early 2022 was used to recover the account information of 5.4 million users, and the hacker is offering the data set for sale for $30,000.

While Twitter was recently rocked by the takeover bid from Elon Musk, who eventually withdrew his offer before the US company sued, the social network is now facing a major data breach. A Twitter security flaw gave hackers access to the personal data of 5.4 million accounts.

The data, including Twitter handles, phone numbers, and addresses, was for sale on a hacking forum for $30,000. The amount requested is therefore not very high. Earlier this year, the records of one million French people went on sale for $6,000. Other hackers had even managed to steal the personal data of a billion Chinese residents, and it was offered for just $200,000.

The vulnerability used by the hackers has been known since the beginning of the year

Restore Privacy said in a message that the data breach was made possible by a Twitter security flaw discovered last January. At the time, a bug reported on the HackerOne site allowed an attacker to obtain a Twitter member's phone number and/or email address, even if the member had hidden those fields in their account settings. The bug is said to come from the authorization process used in Twitter's Android client, particularly when verifying duplicate Twitter accounts.

In the post, the user also explained how to reproduce the error. Twitter eventually acknowledged the vulnerability as a "legitimate security issue" and offered a reward of $5,040 to the HackerOne researcher as part of the Bug Bounty program. Luckily for users, the database for sale does not appear to contain any passwords. Be that as it may, we remind you that your personal data travels all over the internet every day and is auctioned on average about 376 times a day.