The identification of another database of leaked Twitter users has alerted about more than one malicious actor making use of the same vulnerability that the company already recognized this summer and that then affected more than 5.4 million users.
A twitter security code update implemented in June 2021 created a vulnerability that a hacker from the HackerOne firm reported to the company in January, within its program of ‘bugs’ (errors) and rewards.
Twitter assured that as soon as it found out about the failure, it solved it, and acknowledged that due to said vulnerability, the platform had been the victim of a cyberattack that resulted in the theft and leak of user data. 5.4 million users.
Security expert Chad Loder has now warned that the vulnerability could be exploited by more malicious actorsgiven the database that you have identified and that had not been previously reported.
Loder states that he has had access to a sample with which he has been able to verify that it is real user data. Specifically, of telephone numbers of users in France, although the database includes information on millions of users of the European Union and United States.
Leaked phone numbers are linked to accounts they had activated the function that allows other people to find the user by their phone number. And it affects users with verified accounts, celebrities, politicians, and government agencies.
The cybersecurity expert don’t think it’s the same data breach that Twitter recognized in the summer, despite the fact that they have the same system failure in common, since it deals with different data and from different affected accounts.
Loder has shared his findings on both Twitter and Mastodon. In the first social network, his account has been suspended, although you can consult the thread on the data breach at archive.org.
On the other hand, from the specialized portal Bleeping Computer they have reported that the database that affected 5.4 million users, which was put up for sale through Breached Forums, has now appeared for free in the same hacking forum.