Un ciberdelincuente ha logrado explotar una vulnerabilidad de Twitter, mediante la cual ha conseguido recopilar los números de teléfono y direcciones de correo electrónico de más de 5.4 million users. El autor del delito, conocido por el pseudónimo ‘Devil’, ha puesto a la venta la base de datos por más de 30.000$ and claims that it contains data of all kinds of users, including celebrities, well-known companies, etc.

The attacker claims to have made use of a vulnerability discovered in December 2021 to collect all the data. This vulnerability has already been patched, but it allowed users to obtain information from any other account by sending a phone number or email, even if the account owner had disabled that option in their settings panel.

For the moment, Twitter has not confirmed the data leak and has stated that it is verifying the authenticity of the claims. However, BleepingComputer claims to have had access to a sample of this database and was able to verify that the information contained in that sample was real.

Aunque prácticamente la totalidad de los datos filtrados son de acceso público, estas bases de datos suelen tener un elevado precio en el mercado negro, ya que son utilizadas por otros ciberdelincuentes para llevar a cabo ataques de phishing. In this way, se recomienda a los usuarios de Twitter estar especialmente alerta durante los próximos meses y que, under no circumstances, introduzcan sus credenciales de acceso sin haber revisado la procedencia de los mensajes y correos que reciban.


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »