The company has a pretty bad data hack on its hands. It could affect hundreds of millions of users and lead to major security issues for the platform but, despite its severity, it has been easy to overlook. If you use the bird app, you will definitely want to pay attention to this mess as it could affect you.
The short version is that the data was stolen more than a year ago and ended up on a dark web marketplace. How much is the asking price? The equivalent of two dollars. The data was posted to the market "Breached" where anyone can now purchase and peruse it. More than 200 million people's information is covered by the cache.
We pulled together a short rundown on what you might need to know about the latest in a long string of security issues for the social networking site.
The email addresses and phone numbers of over 200 million people are said to be included in the breach material. The information has been combined with information from the users profiles to allow for more complete data to be created. According to Bleeping Computer, the information for each user includes email addresses and phone numbers, but also names, screen names, and follower count. Anyone who buys the haul from "Breached" will have the contact and partial login information for any affected users of the micro-blogging site. It's a major privacy violation for anyone who doesn't want random dark web goons to have access to their contact info
The data that appeared on the show was stolen. The Washington Post reported that a vulnerability in the platform allowed criminals to call up user information. The bug made it possible for anyone to use a phone number or email to verify if they were connected to an active account on the micro-messaging service. The account that was tied to thecredential would be revealed by the bug.
The vulnerability was first publicly acknowledged in August of last year. An update to the company's code took place in June of 2021. The company told users that there was no evidence to suggest that someone had taken advantage of the vulnerability.
By the time the platform caught on, the hackers had already taken data from a lot of people. The amount of information inside the "Breached" haul is not known. Some of the data has been tested and found to be real.
We don't have a clue. The identities of the people behind the data breach are not known, and it is not clear if they have ties to a well-known hacker group or a threat actor. The person who posted the 200 million profile haul on Breached goes by the name Stay Mad, but little is known about them outside of that. We don't know who is responsible for the data breach, but security experts think that the data could be used to conduct a lot of bad things. The information could be used for account takeover attempts, as well as phish and harassment of affected users, according to experts.
We can't tell if the most recent iteration of this data breach has anything to do with it. The company hasn't given any updates or commented on the recent listing of user data for sale. Gizmodo reached out to the company for comment on the incident, but they didn't reply. The public relations department is no longer working for the social networking site. If the platform ever addresses the security fiasco, we will update our story.
There isn't a lot you can do. It is not clear how you would verify if you were impacted or not. One suggestion would be to burn the account credentials that may have been involved. An exposed phone number is more complex than an email address. If you're worried about your privacy, you can always ask for a phone number change. Changing the email address and phone number associated with your account should be done at the same time as using multi-factor authentication that puts the account's security firmly in your hands.