A Twitter vulnerability first found and patched in January 2022 appears to have caused much more damage than initially thought.
As TechRadar Pro reported in late July 2022, a data dump of sensitive ID data for 5.4 million Twitter users was offered on the dark web. Now, follow-up reports say that not only is that data dump being offered for free, but a second, probably far more damaging breach has occurred.
This one, according to BleepingComputer, probably contains “tens of millions of Twitter records”, including people’s phone numbers, verified status, account names, Twitter IDs, biographies, and display names.
Authenticity confirmed
The findings were initially published by security researcher Chad Loder, who was allegedly banned from Twitter after breaking the news. He has since migrated to Mastodon, and published his findings there.
“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021,” Loder shared on Twitter at the time.
BleepingComputer analyzed a sample of the breach, containing more than 1.3 million phone numbers of Twitter users from France, and came to the conclusion that the numbers are valid.
“We have since confirmed with numerous users in this leak that the phone numbers are valid, verifying this additional data breach is real,” the publication noted.
These phone numbers weren’t part of the data dump that was being offered last summer, all but confirming that a second breach has occurred.
BleepingComputer also managed to get in touch with the person behind the initial data breach, a hacker going by the alias “Pompompurin”, who confirmed that they weren’t responsible for the second leak.
Therefore, it’s safe to assume that a number of threat actors knew about Twitter’s flaw and actively worked to exploit it before it was initially patched.