5.4 Million Twitter Accounts for Sale by a Criminal Hacker
On dark web markets, everything illegal can be purchased, from stolen credit cards to even human organs. Yes, that is what it’s like on the deep web, quite a shocking reality for the faint of heart. Even stolen social media information is a hot commodity, as it is also auctioned on dark web marketplaces.
Twitter is the latest hacked social media platform, with more than 5.4 million Twitter accounts being offered for sale for a meager $30,000.00, which pales in comparison to the high prices usually charged by some of the most infamous threat actors. The privileged data was collected through a flaw discovered on the Twitter social media platform, which criminal hackers continue to hack.
The reported breach collected contact information such as phone numbers and email addresses of Twitter users. With the stolen information currently being offered for sale on a dark web marketplace, the criminal hacker dubbed Devil only wants $30,000 for his very arduous work of stealing private Twitter data.
Massive Twitter Data Breach
So far, “Devil” has claimed he is the hacker responsible for putting the stolen information on the market. According to the threat actor, the database contains information on some very famous Twitter users, and even various accounts of some prominent USA businesses.
BleepingComputer reported that the courteous hacker even revealed how they exploited a vulnerability to gather private data in December 2021. He also stated that, at the meager asking price of $30,000.00, many potential buyers have indicated their interest in acquiring the list, which includes even popular Hollywood celebrities’ private information.
However, this is just one of the recent hacks on the Twitter platform through an unpatched vulnerability, as it was previously utilized in another hack by HackerOne, which occurred around January 13, as reported by Restore Privacy.
The vulnerability disclosure revealed by Zhirinovsky’s cyber security company states that “the vulnerability allows any party without any authentication to obtain any Twitter follower ID. This is done by submitting a phone number or email, even if the Twitter account owner prohibits it in the privacy settings.”
Thus, according to the cyber researchers, the problematic feature is the Twitter Android client’s permission process, which is used to check for account duplication.
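The class of flaw described in the disclosure above, modelled as an added example that is not from the original article or from Twitter's code: a lookup that returns an account ID for any phone number or email, without authentication and regardless of the privacy setting, beside a hardened form. The account records, function names, session identifiers and the per-session lookup limit are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    user_id: int
    email: str
    phone: str
    discoverable: bool  # privacy setting: may others find this account by email/phone?


# Constructed sample records, not real data.
ACCOUNTS = [
    Account(1001, "alice@example.com", "+15550100", discoverable=True),
    Account(1002, "bob@example.com", "+15550101", discoverable=False),
]
LOOKUP_BUDGET = 3        # assumed per-session lookup limit
_lookups = Counter()     # session id -> lookups performed so far
NOT_FOUND = {"user_id": None}


def _find(identifier: str) -> Optional[Account]:
    return next((a for a in ACCOUNTS if identifier in (a.email, a.phone)), None)


def lookup_vulnerable(identifier: str) -> dict:
    """Flawed behaviour as described: no authentication, privacy setting ignored."""
    acct = _find(identifier)
    return {"user_id": acct.user_id if acct else None}


def lookup_hardened(identifier: str, session: Optional[str]) -> dict:
    """Requires a session, caps lookups per session, honours the privacy setting."""
    if session is None:
        raise PermissionError("authentication required")
    _lookups[session] += 1
    if _lookups[session] > LOOKUP_BUDGET:
        raise PermissionError("lookup budget exhausted")
    acct = _find(identifier)
    # Same answer for "no such account" and "account opted out", so the
    # response cannot confirm that a phone number or email is registered.
    if acct is None or not acct.discoverable:
        return dict(NOT_FOUND)
    return {"user_id": acct.user_id}
```

The per-session budget is what limits bulk collection: without it, even a lookup that honours the privacy setting can be driven through a long list of phone numbers to map the accounts that did not opt out.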