A hacker has exploited a vulnerability that led to Twitter data for 5.4 million accounts being listed for sale. The data is said to contain the phone numbers and email addresses tied to each of the affected handles, regardless of whether that information was public or was intended to stay private.
The security vulnerability was detailed back on January 1st by user zhirinovskiy. The report was confirmed by a Twitter staff member days later. Twitter later confirmed the vulnerability and even rewarded zhirinovskiy with $5,040 for reporting it. They had patched the issue by January 13th and disclosed the vulnerability the following month.
According to Restore Privacy, the data has been posted to Breach Forums by the user ‘devil’. We attempted to verify whether the post was still active, but the user ‘devil’ is no longer showing any posts or threads on the site. According to the screenshot from Restore Privacy, the data includes information on users ranging from ‘Celebrities, to Companies, randoms, OGs, etc…’.
Restore Privacy downloaded the data sample and verified that it does include profile information as well as the email address or phone number the user registered with. They were then able to verify the profile information against currently available public information. They reached out to the seller and were told the seller was asking at least $30,000 for the database.
What can I do to protect myself?
There’s currently no way to check if your account was included in this data breach. As the data gets purchased or Twitter becomes aware of the affected accounts, there may be ways to confirm whether you were a part of this breach. Unfortunately, your information could have been scraped by others who haven’t yet released it. It’s best to assume your information has been compromised.
One common way hackers could use this information is to phish for additional details. Be sure to watch for any emails from services asking you to log in or send account details. If you receive messages you aren’t expecting, it is best not to click any links inside those messages. This is especially important for any custodial wallets you may hold, such as exchanges.
Considering Twitter is a common platform used for Bitcoin conversation, you should also be aware of ways hackers could attempt to steal your Bitcoin. You should never input your private keys into any connected device, regardless of whether you receive messages requesting that you do so. This is becoming a more common tactic, and never doing it should be your standing practice.