Recently, a hacker sold the account data of 5.4 million Twitter users for $30,000 (about 200,000 RMB). It is understood that earlier this year Twitter confirmed the existence of, and fixed, a cybersecurity flaw that could lead to the disclosure of user account IDs, phone numbers, and emails, even though Twitter has data protection measures in place.
The vulnerability was discovered in January by HackerOne user zhirinovskiy, who reported it to Twitter.
With this vulnerability, even if the user hides the phone number, email, and account ID in the privacy settings, an attacker can still obtain this information. The vulnerability exists in the authorization process for Twitter's Android users.
Afterwards, Twitter staff said that they would investigate further and work hard to fix the vulnerability, and awarded a $5,040 bounty to user zhirinovskiy.
However, on July 21, RestorePrivacy noticed that a new user was selling a Twitter database on a hacker forum, which it said had data on 5.4 million users, covering account information for some well-known personalities, corporate institutions, and ordinary users.
RestorePrivacy downloaded a sample of the database for verification and analysis and found that the victims came from all over the world. The leaked data included public profile information as well as emails and phone numbers tied to Twitter accounts. It has also been verified that the data in the sample can be matched with people in the real world. Twitter responded that it was looking into the matter.
In fact, this isn’t the first time Twitter has had a data breach.
In January 2019, Twitter disclosed a security flaw it had fixed that had left the private tweets of many users exposed for more than four years. In December 2020, the Irish Data Protection Commission (DPC) fined Twitter €450,000 for failing to give notification of and adequately document this data breach.
Since then, Twitter has been taking data protection very seriously, especially the protection of users’ private data, because it affects the user’s experience. Since the incident, Twitter has been aspiring to improve the user experience. However, this leak once again exposed that Twitter’s data protection is not very well done. There are many better backup solutions available today to protect data, such as VMware backup, Hyper-V backup, XenServer backup and so on.