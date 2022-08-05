

Twitter patches flaw in its software that let a hacker named 'devil' steal phone numbers and email addresses from 5.4 million accounts that they sold for $30,000 each on the dark web

By Stacy Liberatore For Dailymail.com
Daily Mail
 3 days ago

Twitter revealed that the zero-day vulnerability that allowed a bad actor to compile a list of 5.4 million account profiles in December 2021 is patched as of Friday.

A zero-day vulnerability is a software flaw that is unknown to the parties responsible for the site, leaving an open window for anyone who discovers it before it is fixed.

The vulnerability allowed the hacker known as 'devil' to scrape Twitter and collect phone numbers and emails associated with the millions of accounts that belonged to 'celebrities, companies and random people,' according to a post by the hacker on the dark web that says the collection was due to 'Twitters incompetence.'

The fix comes too late, as the hacker already uploaded the data to the dark web and was selling the accounts for $30,000 each – it is not clear how many have been bought, BleepingComputer reports.

Twitter patched a flaw in its software that let a hacker compile phone numbers and email addresses associated with 5.4 million accounts

Twitter disclosed in a security advisory Friday: 'In January 2022, we received a report through our bug bounty program of a vulnerability that allowed someone to identify the email or phone number associated with an account or, if they knew a person's email or phone number, they could identify their Twitter account, if one existed.'

'This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.'

Twitter told BleepingComputer that it knows who some of the impacted users are and is sending these individuals notifications to inform them that their phone number or email address is now compromised.

However, the social media platform is not clear on how many users were victimized.


At this time, Twitter tells us that they cannot determine the exact number of people impacted by the breach. No passwords were collected by 'devil,' so accounts will not be stolen.

Twitter urges users to enable two-factor authentication on their accounts to stop anyone from wrongfully accessing them.

'We are publishing this update because we aren't able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,' warned the Twitter advisory.

Graham Ivan Clark was responsible for a global Twitter hack in 2020

This attack, although large, did not make as much noise as the global hack that hijacked accounts belonging to high-profile people like Bill Gates and Barack Obama.

The July 15, 2020, breach, the biggest in Twitter history, also took over accounts of celebrities including Elon Musk, Kanye West, Amazon CEO Jeff Bezos, Mike Bloomberg, Warren Buffett, Floyd Mayweather and Kim Kardashian.

Messages were posted from the famous accounts telling followers to send Bitcoin payments to email addresses, swindling more than $180,000 out of unsuspecting victims in the process.

A hacker who identified himself as 'Kirk', believed to be Graham Ivan Clark, claimed to be a Twitter employee and said he could 'reset, swap and control any Twitter account at will' in exchange for cryptocurrency payments, according to court papers. Clark, who was sentenced as a youthful offender (he was 17 years old at the time), took a plea deal with a three-year prison sentence.
