Zero day used to expose data of 5.4 million accounts; Twitter

Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, a new research shows that the attackers are finding and exploiting zero day vulnerabilities in 15 minutes.

The hacker is offering email addresses and phone numbers connected to the accounts. The hacker claimed in the post on Breach Forums that the accounts range from “celebrities, companies, randoms, OGs, etc.”

Researcher has explained that the vulnerability allowed an attacker to “find a twitter account by it’s phone number/email even if the user has prohibited this in the privacy options.”

The social media company got to know about this issue on January 6, and moreover, they paid $5,040 as bounty and resolved the vulnerability by January 13. The vulnerability was solved the same day, the researcher confirmed.

Few days back a Twitter Spokesperson told The Record that, “reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”

“We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability. As always, we’re committed to protecting the privacy and security of the people who use Twitter,” the Twitter spokesperson added in the statement.

However, Twitter did not respond to requests for comment about what would be done for the accounts.