Published: 03:33 AEST, 6 August 2022 | Updated: 03:51 AEST, 6 August 2022
Twitter patches flaw in its software that let a hacker named ‘devil’ steal phone numbers and email addresses from 5.4 million accounts that they sold for $30,000 each on the dark web
- A bad actor accessed Twitter through a zero-day vulnerability
- A zero-day vulnerability is a software flaw that is unknown to the parties responsible for the site
- The vulnerability allowed them to scrape information, including phone numbers and emails, and offer 5.4 million accounts for sale on the dark web
Twitter revealed that the zero-day vulnerability, which allowed a bad actor to compile a list of 5.4 million account profiles in December 2021, is now patched as of Friday.
A zero-day vulnerability is a software flaw that is unknown to the parties responsible for the site and is like an open window for those lurking in the backend of the website.
The vulnerability allowed the hacker known as ‘devil’ to scrape Twitter and collect phone numbers and emails associated with the millions of accounts that belonged to ‘celebrities, companies and random people,’ according to a post by the hacker on the dark web that says the collection was due to ‘Twitters incompetence.’
The fix comes too late, as the hacker already uploaded the data to the dark web and was selling the accounts for $30,000 each – it is not clear how many have been bought, BleepingComputer reports.