Twitter leaked email addresses of at least 200 million users

Comment

An online hacking forum posted records of the 235 million Twitter addresses and email addresses used for registration. This allows anonymous handles to be linked with real-world identities.

Security experts warned that this could lead to violence, arrest, detention or even death for people who use Twitter to criticize powerful individuals or governments. It also exposes others to blackmail. Hackers could also use email addresses to reset passwords and gain control of accounts, especially those that aren’t protected by two-factor authentication.

Alon Gal, cofounder of Israeli security firm HudsonRock, stated that hackers, political operatives, and governments will use this database to further harm our privacy. He was also the one who discovered the publication through an underground marketplace.

The records may have been assembled in late 2021 by using a flaw that allowed people to find accounts that had shared their information with Twitter. These searches can also be automated to check unlimited numbers of phone numbers or emails.

Twitter: August It discovered the vulnerability in January 2022 via its bounty program for bug reporting and that the vulnerability was accidentally introduced in a code upgrade seven months prior.

Hackers were caught selling 5.4 million Twitter accounts, along with associated email addresses and phone numbers. Twitter claimed that this was the first time it had seen anyone exploit the flaw.

Gall said it was almost certain, Gall said, that other dumps of similar size were created and offered for private sale. These dumps circulated for quite some time before the last publication.

Last month, the Irish Data Protection Commission stated it was Investigation The breach that occurred previously and the General Data Protection Regulation in Europe may both have been violated. This latest installment will likely increase the intensity of the investigation and an ongoing probe from the US Federal Trade Commission into Twitter’s violation of consent decisions that it made to better protect user data. The Federal Trade Commission declined comment.

Three quarters of Twitter users are outside the United States and Canada.

Twitter did not respond when I emailed them asking for comment and if they had any advice.

These users provided at most random email addresses, or email addresses that are not associated with them elsewhere. These email addresses are susceptible to account takeover attempts or phishing.

Twitter stated that it fixed the bug as soon as it was aware of it in a previous statement, but didn’t say how long it took. The January 2022 release of the report came at a time when Twitter had fired both of its chief security officials.

Peter Zatko, one of the two, was arguing within Twitter that Twitter was blatantly unprepared for hacking attempts. He filed a formal whistleblower claim with the SEC, and later testified about congressional failures.

Although the 235 million records posted are among the most serious breaches, they are only the latest in a series security disasters that have plagued Twitter for more than a decade. Zatko claimed that the company was violating the Federal Trade Commission’s 2011 settlement due to the numerous account takeovers.

Elon Musk used Zatko’s testimony about poor security practices to try to buy the company. However, he has since fired several of its security personnel.



Source link

[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

6 Takeaways from AMD’s CES consumer chip announcements

Next Post

Mainstream AMD CES2023 Live Blog: Dr. Lisa Su launches largest tech event of the year

Related Posts