Threat Actors Selling Data from 5.4 Million Twitter Accounts

HackerOne user “zhirinovskiy,” reported to Twitter on January 1st, 2022, of a severe vulnerability enabling a threat actor with knowledge of scripting and coding to exploit and obtain phone number and/or emails addresses of Twitter users. As outlined by “zhirinovskiy,” "This is a serious threat, as people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior (create a database with phone/email to username connections). Such bases can be sold to malicious parties for advertising purposes, or for the purposes of  targeting celebrities in different malicious activities." While Twitter had responded to “zhirinovskiy” and patched the vulnerability in January 2022, a threat actor under the handle "devil" is selling email and phone numbers of 5.4 million users, posted in a hacking forum named, Breached Forums, on Thursday, July 21st, 2022. The authenticity of the data has been verified by the owner of Breach Forums along with the threat actor providing samples of the data online. The compromised accounts contain verified, notable celebrities and company  accounts.  The selling price of data by "devil" is demanded to start at $30,000.

‍