Twitter Hack II

A hacker has leaked 5.3 million Twitter account details on a cybercrime forum while another researcher, Chad Loder, claims there is another Twitter breach involving “perhaps over 100 million accounts.”

On 7 August 2022, Hackread.com reported a story detailing a Twitter data breach involving 5.4 million accounts. Now, the very same data has been leaked on a hacker forum which surfaced as an alternative to the popular and now-seized Raidforums.

The data is currently available for download (Screenshot left: Hackread.com)

However, there’s more to it.  The end of 2022 does not appear to be on Twitter’s side because it has now become the target of yet another conflict.  A Los Angeles-based cyber security researcher revealed on 23 November that Twitter had experienced a massive breach that allegedly affected millions of users across the US and the EU.[1] 

On his now-suspended Twitter account, Chad Loder warned users about the data breach, which he stated occurred “no earlier than 2021” and “has not been reported before”. He stated that he had seen the stolen data from the alleged breach and had spoken to potential victims, who confirmed that the breach data was “accurate”.

On his Mastodon page, the researcher said that, according to his research, it is probable that tens of millions of accounts are currently affected, possibly hundreds of millions.

However, what is uncertain is whether this breach is the same as the one that previously occurred in July this year, which was also confirmed by Twitter, or whether this breach is completely different.

According to Loder, this could not be the same breach unless Twitter “lied” about the July breach. He also noted that this data was in a “completely different format” and had “differently affected accounts.”

Within 24 hours of Loder tweeting about this, his Twitter account got suspended due to having “violated the Twitter rules.”

Chad Loder on Twitter (Screenshots right: Hackread.com)

What is likely is that both breaches exploited the same vulnerability which was first reported by HackerOne in January.  It allowed anyone to enter a phone number or email address to find the Twitter handle associated with it.  This is a feature used by Twitter as an internal identifier but can be readily converted to a Twitter ID.

At the time, Twitter acknowledged the existence of the vulnerability and stated that it had been patched but did not mention anyone exploiting it.  However, it was then reported by Restore Privacy that a hacker had used the vulnerability to put together a dataset consisting of Twitter handles, email addresses, and phone numbers of millions of accounts.  The data includes Twitter users in the UK, almost every EU country, and parts of the US. 

Any Twitter account with the “let others find you by phone number” setting enabled in its “discoverability” settings is affected.  This option is hidden quite deep in Twitter’s settings and is turned on by default.  

Keeping in mind the recent news, it becomes apparent that this data was accessed by more than one bad actor.  Reports confirm that they were shown a dataset that contained similar information in a different format.  The datasets could be sold to malicious parties who would use the data for advertising purposes or maliciously target certain accounts such as celebrities. 

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989


[1] https://www.hackread.com/twitter-jan-data-breach-leak/

Comments

  • Trump must be loving this!!! The timing is interesting.