Data of 5.4 million Twitter users on dark net

Twitter says data was hacked owing to a bug resulting from an update to its code in June 2021.

Gautam S. MengleUpdated: Sunday, August 07, 2022, 08:20 AM IST
article-image
Data of 5.4 million Twitter users on dark net | Image by Free-Photos from Pixabay

In a development that is of relevance to millions of people around the world, microblogging website Twitter has officially confirmed that data of over five million users was hacked through a vulnerability in its system earlier this year.

The Free Press Journal examined a data sample of 56 users and noted that out of these, three were Indian and one, if not Indian, was at least Asian. In a post uploaded on its website on Friday, Twitter stated that a vulnerability in its system (now patched) could allow someone to simply enter an email address or phone number and find all Twitter accounts connected to it.

This works even if a Twitter user has the best of privacy settings on one’s account. In its update, Twitter said that the bug resulted from an update to its code in June 2021.

“When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter said.

A ‘bug bounty program’ is an initiative undertaken by most tech giants, where they offer bounties to independent ethical hackers in exchange for finding vulnerabilities in their system.

In this case, the bug was found by a hacker known online as “zhirinovskiy”, and he was paid $5,040. The ramifications of the bug were huge, as a patient hacker could simply keep entering phone numbers one by one and gather data of Twitter accounts associated with it, stumbling upon celebrities in the process.

Further, the information could be compiled and sold on the dark web to interested parties, which is known as Personally Identifiable Information (PII).

Everyone’s worst fears unfortunately came true in July this year, when a threat actor uploaded a post on a dark web forum, offering hacked data of over 5.4 million Twitter users for sale. The hacker, identifying himself as “devil”, had put up a small sample for authentication.

Twitter, in its official update, said, “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed. We will directly notify the account owners we can confirm were affected by this issue. We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.”

(To receive our E-paper on whatsapp daily, please click here. To receive it on Telegram, please click here. We permit sharing of the paper's PDF on WhatsApp and other social media platforms.)

RECENT STORIES

Mumbai updates: Accused Irfan Beelkia in Bandra Worli Sea Link accident arrested by police

Mumbai updates: Accused Irfan Beelkia in Bandra Worli Sea Link accident arrested by police

Mumbai: Malegaon blast accused, MP Pragya Singh Thakur appears in court

Mumbai: Malegaon blast accused, MP Pragya Singh Thakur appears in court

Mumbai: Local trains on Central Railway's main line hit due to technical snag

Mumbai: Local trains on Central Railway's main line hit due to technical snag

Mumbai: SPJIMR starts applications for PGDM and PGDM(BM) programmes

Mumbai: SPJIMR starts applications for PGDM and PGDM(BM) programmes

Maharashtra: Devendra Fadnavis hails CM Shinde's Dussehra rally

Maharashtra: Devendra Fadnavis hails CM Shinde's Dussehra rally