Twitter has lost a large amount of data from its user accounts-the cause is allegedly due to the exploitation of an as-yet unknown vulnerability. This data is already for sale in underground forums.
A major data breach of Twitter accounts caused by the exploitation of a vulnerability in the platform’s core-a security breach that allowed cyber criminals to mine a huge collection of data belonging to users around the world, including data protected by privacy settings such as emails and phone numbers.
From what is known so far, a user named “devil” has put up for sale with an ad on a well-known underground forum an archive containing a massive collection of Twitter account details. A huge amount of data when you consider that each of those rows consists of twenty columns, among which we highlight those related to details such as account creation, e-mail and phone number. All conveniently formatted into something somewhere between CSV and a JSON.
In fact, an ethical hacker had reported a vulnerability in the authentication of Twitter’s API, according to which querying it with a certain query starting with a phone number or email could obtain the TwitterID, an extremely important element for then doing any other public search in order to link that data to the real person or Twitter account.
It only took less than seven months, to see realized what the vulnerability researcher had simply posed as a possible risk, the exfiltration of data by making use of special scripts. All this also gives us the dimension of how dangerous a bad exposure of databases rich in user details is. Also how dangerous it is to have collections of data lying around the network and in the public domain, usable by anyone.
For there will always be someone who will use that data for illicit purposes and continue to further violate people’s privacy.