Twitter has confirmed that a significant hack has put 5.4 million Twitter accounts at risk, with hackers gaining access to personal information that could be sold for a profit.
A report by AndroidPolice shows that hackers gained access to data like profile pictures, location data, email addresses, and phone numbers.
The attack was due to something called a “zero-day exploit”. This is where hackers target a software vulnerability that antivirus and software vendors aren’t aware of.
The report says that hackers accessed the information through a vulnerability that allowed anyone to query a phone number or email address to check for an active Twitter account.
According to the report, hackers have already tried to sell the data associated with these accounts. Reportedly, two different threat actors have purchased the data for around $30,000. Additionally, it’s likely that this information will be released for free in the future.
The company has released a statement acknowledging the breach and providing suggestions on how users can protect their data in the future.
Twitter has responded to the news, saying that it deeply regrets the situation. It has also acknowledged the risk this presents to users that have had their data compromised.
The company isn’t able to fix the situation. However, it has provided some recommendations for users wanting to protect their personal data going forward.
Firstly, it has been suggested that users not make their phone numbers or email addresses visible to the public. This can be changed using Twitter’s account privacy settings.
Additionally, Twitter has recommended that users enable two-factor authentication using authentication apps or hardware security keys. Although passwords weren’t stolen in this breach, this can protect a user’s account if someone does manage to obtain their password.
Lastly, the company says that users can now access its Office of Data Protection, which provides advice on account safety and information on how Twitter protects data.