Twitter confirms data leakage of 5.4 million accounts
Dl25 reported on August 8 that on July 22, restore privacy reported that Twitter was hacked due to security vulnerabilities, and the contact information of a total of 5.4 million accounts was leaked. The leaked 5.4 million accounts, including the twitter ID and its associated phone number and email information, had been sold on a hacker forum at a price of $30000 (about 202800 yuan).
Today, Twitter has officially confirmed that the attack has occurred and the 0-day vulnerability has been fixed.
Twitter official said that as early as January this year, it had learned about the vulnerability through its vulnerability bounty program hackerone. The vulnerability gradually emerged after its code was updated in June 2021. Although the issue was resolved earlier this year, twitter said it did not consider the possibility that the attacker already had data.
It home learned that according to previous reports, a total of 5485636 twitter accounts' personal data, including mobile phone numbers, locations, URLs, personal data pictures and other data information, were stolen.
Twitter said that it was notifying each affected user, but due to the security vulnerability, the official could not fully confirm which accounts were exposed. In addition, although passwords are not part of the data disclosure, twitter recommends that users turn on dual authentication for their accounts.