Updated August 8th, 2022 at 15:43 IST

Twitter confirms the data breach that impacts 5.4 million users

Twitter issues a safety advisory amid the data breach, asking users not to add a publicly known phone number or email address to their Twitter account.

Reported by: Shikhar Mehrotra

Late last month, information surfaced online about a hacker selling the data of 5.4 million Twitter users. Apparently, the hacker took advantage of a security vulnerability from earlier this year. The data of more than five million users was available to purchase for $30,000. Now, the microblogging platform has confirmed that the attack did take place.

Twitter confirms a data breach 

Twitter has confirmed that the security flaw was exploited. The platform mentions in a press release that "In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed."

In a previous report, BleepingComputer mentioned that it had reached out to the attacker, who intends to sell the data for the aforementioned amount. However, the attacker could also release the information on the internet for free, which would call the security of millions of Twitter users into question. Twitter states that it will inform the account owners who are confirmed to be affected by the security issue. However, it also says, "we aren't able to confirm every account that was potentially impacted."

Users should enable two-factor authentication

Nevertheless, the platform has also issued a safety advisory for users, asking them not to add a publicly known phone number or email address to their Twitter account. The platform also asks users to enable two-factor authentication, which adds a layer of security to users' accounts and prevents unauthorised access. Those who are concerned about the security of their account can reach out to the Office of Data Protection at https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp.

As per Restore Privacy, the data that is available for sale was acquired by exploiting the security vulnerability. The firm reached out to the seller, confirming that the database is up for sale for the aforementioned amount on Breach Forums. It contains publicly available information such as usernames, along with phone numbers and corresponding email addresses. However, the leaked data does not contain passwords to Twitter accounts, which is a relief.


Published August 8th, 2022 at 15:43 IST