Twitter has just confirmed that it was the victim of a major 0-day attack that went on without its knowledge for several months. The flaw in question was discovered by an ethical hacker and then patched by Twitter in January. But after investigating, the social network realized that the issue was actually due to a Twitter code update dated June 2021. This left the opportunity to exploit this security vulnerability open for several months. The vulnerability made it possible to find all Twitter accounts associated with a given email address. In other words, it became possible to find all of a user's secret accounts and put a face to them.
Twitter 0-day vulnerability made it possible to find all secret accounts tied to an email address
Twitter states that it has “no evidence that anyone exploited this vulnerability.” But not everyone seems to agree with these encouraging remarks. Our colleagues at Bleeping Computer, in particular, link this 0-day vulnerability to a huge database for sale on a specialized forum. We already told you about this a few days ago. The hacker in question, calling himself “devil”, is offering a database with the IDs of more than 5.4 million accounts for $30,000, and points out that the accounts “range from celebrity accounts to company accounts through random accounts, original accounts, etc.” Twitter then confirmed that its data was compromised following this hack.

However, according to The Verge, it is possible that the problem goes far beyond these few million accounts. Indeed, because of the method used, it is very difficult for Twitter to confirm which accounts could have been compromised in this way. The social network has reportedly already written directly to the users it suspects of being affected, without being able to be 100% sure that it has actually warned everyone concerned.

If you have Twitter accounts that you absolutely want to keep secret, the best advice is to link them to another email address known only to you. It is also highly recommended to change your password after the recent hacks and to enable two-factor authentication if you haven’t already.