Florian Posted November 28, 2022
Did you see this post? Has anyone already looked into it? https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
Grubbslinger Posted November 28, 2022
It's interesting how they exploited the API but, imho, it has less of an impact outside of IDing anonymous accounts (which, if they added a phone number too, is kinda their fault if they wanted to stay anonymous). It adds to phishing lists, sure, but email and phone number are not really private information in this day and age.
Lulz Posted November 28, 2022
6 hours ago, Grubbslinger said: It's interesting how they exploited the API but, imho, it has less of an impact outside of IDing anonymous accounts (which, if they added a phone number too, is kinda their fault if they wanted to stay anonymous). It adds to phishing lists, sure, but email and phone number are not really private information in this day and age.
Phone numbers leaking can be really bad if they are also tied to, let's say, a big wallet on some cryptocurrency exchange platform with an option to recover the account by text. Those people are just a SIM swapping attack away from losing all their funds. Cryptobros love bragging about being rich on Twitter and some of them are not the sharpest tool in the shed; I bet a huge chunk of them are using the same phone number everywhere. 😅
kazukidevnull Posted November 28, 2022 (edited)
I did take a look and, as far as I can see, it contains the following information:
"id": (KAZU NOTE: Twitter ID; this is given to an account when it's created and never changes even when the handle is changed. It is used by Twitter to keep track of accounts and is public.)
"name": (KAZU NOTE: often contains the first and/or last name of the person, or alternatively just the screen name if no real name)
"screen_name":
"location": (KAZU NOTE: often
"url":
"description": (KAZU NOTE: Twitter bio)
"protected":
"followers_count":
"friends_count":
"listed_count":
"created_at": (KAZU NOTE: lists the exact time and date when the account was created, down to the second)
"favourites_count":
"verified":
"statuses_count":
"is_translator":
"profile_image_url_https":
"default_profile_image":
"translator_type":
"email":
While most of the information provided is not considered private information, besides maybe email to some limited degree, the information provided is still something that can be a low-medium security risk and medium privacy risk, as it can be abused under the right circumstances to enrich or provide a starting point for OSINT activities. This can naturally lead to finding further information which can then be used for phishing and so forth, but the information in the leak itself has limited impact from a security standpoint. Also, no passwords or phone numbers appear to be included in the leak, although there's already an old leak with 18 mil emails and passwords in it floating around, so you can use that one to enrich this one with that extra information, I guess.
Edited November 28, 2022 by kazukidevnull
kazukidevnull Posted November 29, 2022 (edited)
I hate that I can not edit posts after a while, as I wrote this late at night when my head barely functioned and now I see a bunch of errors I would've liked to fix >_< The location note was supposed to be removed and I dunno what some of the fields mean, such as "translator_type", "is_translator" and "listed_count".
Edited November 29, 2022 by kazukidevnull
Grubbslinger Posted November 29, 2022
15 hours ago, kazukidevnull said: I did take a look and, as far as I can see, it contains the following information: "id": (KAZU NOTE: Twitter ID; this is given to an account when it's created and never changes even when the handle is changed. It is used by Twitter to keep track of accounts and is public.) "name": (KAZU NOTE: often contains the first and/or last name of the person, or alternatively just the screen name if no real name) "screen_name": "location": (KAZU NOTE: often "url": "description": (KAZU NOTE: Twitter bio) "protected": "followers_count": "friends_count": "listed_count": "created_at": (KAZU NOTE: lists the exact time and date when the account was created, down to the second) "favourites_count": "verified": "statuses_count": "is_translator": "profile_image_url_https": "default_profile_image": "translator_type": "email": While most of the information provided is not considered private information, besides maybe email to some limited degree, the information provided is still something that can be a low-medium security risk and medium privacy risk, as it can be abused under the right circumstances to enrich or provide a starting point for OSINT activities. This can naturally lead to finding further information which can then be used for phishing and so forth, but the information in the leak itself has limited impact from a security standpoint. Also, no passwords or phone numbers appear to be included in the leak, although there's already an old leak with 18 mil emails and passwords in it floating around, so you can use that one to enrich this one with that extra information, I guess.
Excellent breakdown! I agree that it is low to medium risk; I would just not set off the octoalert for this as a breach.
kazukidevnull Posted November 29, 2022 (edited)
1 hour ago, Grubbslinger said: Excellent breakdown! I agree that it is low to medium risk; I would just not set off the octoalert for this as a breach.
Well, I try, although it's not easy when my head is kicking and screaming because it has had enough but I insist on keeping going 😂 Tbh, as mentioned, compared to the leak a while back of 18m emails and passwords, this one is barely worth worrying about, as from what I understand the information was gathered using a Twitter API which I am pretty sure is close to, if not exactly the same as, the API all the Twitter OSINT services out there are using. Heck, if I am not mistaken, I can easily (or could before Elon arrived) just ask Twitter for an API key which provides most of this information if I stated it was for statistical/research/development purposes. So I think the biggest value of this one is the fact that I get general information on 5.4m accounts collected neatly in a JSON file which I can easily throw into an Elasticsearch DB for future investigations, instead of having to try to collect it all on my own using Twitter's API or 3rd party services. Also, let's be honest, 5.4m accounts is almost laughably small, with only a couple of percent actually being affected. For instance, through the years I have created multiple Twitter accounts, some of which I never use anymore, but when I tried searching for them using the emails or handles, I got no results. Maybe this is because it seems the people literally started scraping the API from the start incrementally, so it never got to any of mine, but still, it's not that much in the grand scheme of things considering Twitter's latest numbers are close to 250 mil.
Edited November 29, 2022 by kazukidevnull
kazukidevnull Posted November 30, 2022 (edited)
However, as mentioned in the article which OP posted, it seems there's an even larger Twitter leak floating around which affects 17m accounts and may contain more sensitive information than the ones mentioned earlier, using the same vulnerability, which gave more access to information than I initially thought, so I expect to see more Twitter related leaks in the future. Also, it has come to my attention that while the majority of the entries listed and the ones I viewed (which was a couple of hundred) did not contain any entry field for phone numbers, it seems the entry field is not present unless a phone number is present, and thus I believed in error that it did not contain any phone numbers. However, after doing a simple grep for "phone" on the file, it returned around 190,954 entries with a phone number, which is not just a few but not that many in the scheme of all things. Despite the information mentioned above, my initial assessment of this current leak of 5.4m accounts remains the same, with it being more a risk to privacy than actually security, with a slight increase of privacy risk but not enough to justify changing it from medium risk.
Edited November 30, 2022 by kazukidevnull
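The two posts above make a practical point for anyone triaging a dump like this: a field such as "phone" is only present in records that have a value, so eyeballing a few hundred entries misses it, and a raw dump should be pseudonymised before it goes into something like Elasticsearch. The script below is an added example (not code from the thread or from any project) that counts per-field presence across a dump, reports how many records carry email or phone values, and writes a copy with those identifiers replaced by keyed hashes so they can still be matched against an organisation's own (hashed) user list during breach-impact assessment. The records are constructed here; the field names follow the list posted above, but the values, the optional "phone" key, the assumption that the dump is a JSON array or JSON Lines, and the salt are all assumptions.

```python
"""Triage a scraped-profile dump: which fields are present, how many
records carry contact details, and a pseudonymised copy safe to index."""
import hashlib
import json
from collections import Counter

# Constructed sample records. The keys follow the field list from the
# thread; the values and the optional "phone" key are invented here.
SAMPLE_DUMP = json.dumps([
    {"id": 1001, "name": "Example One", "screen_name": "example_one",
     "location": "", "url": None, "description": "bio text",
     "protected": False, "followers_count": 12, "friends_count": 30,
     "created_at": "Mon Jan 02 10:11:12 +0000 2012",
     "verified": False, "email": "one@example.invalid"},
    {"id": 1002, "name": "Example Two", "screen_name": "example_two",
     "description": "", "protected": True, "followers_count": 0,
     "created_at": "Tue Mar 03 00:00:01 +0000 2015",
     "email": "two@example.invalid", "phone": "+15555550100"},
    {"id": 1003, "name": "Example Three", "screen_name": "example_three",
     "description": "", "protected": False, "followers_count": 5,
     "created_at": "Wed Apr 04 08:09:10 +0000 2018",
     "email": "three@example.invalid", "phone": "+15555550101"},
])

# Fields treated as direct contact identifiers and pseudonymised on output.
CONTACT_FIELDS = ("email", "phone")


def load_records(text):
    """Parse the dump. Assumed format: either a JSON array of objects or
    one JSON object per line (JSON Lines); both are accepted."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def field_presence(records):
    """Count how many records carry each key. A key that only appears
    when populated (the thread's point about "phone") shows up with a
    count lower than the number of records."""
    counts = Counter()
    for rec in records:
        counts.update(rec.keys())
    return counts


def count_with_contact(records, field):
    """Records where `field` is present and non-empty."""
    return sum(1 for rec in records if rec.get(field))


def pseudonymise(value, salt):
    """Keyed SHA-256 of an identifier, so an analyst can match it against
    hashed contact details of their own users without keeping the raw value."""
    return hashlib.sha256(salt + value.encode()).hexdigest()


def redact(record, salt):
    """Copy of a record with email/phone replaced by keyed hashes."""
    out = dict(record)
    for field in CONTACT_FIELDS:
        if out.get(field):
            out[field] = pseudonymise(str(out[field]), salt)
    return out


def triage(text, salt=b"constructed-salt"):
    """Summary of the dump plus a pseudonymised copy of every record."""
    records = load_records(text)
    return {
        "total": len(records),
        "with_email": count_with_contact(records, "email"),
        "with_phone": count_with_contact(records, "phone"),
        "fields": dict(field_presence(records)),
        "redacted": [redact(r, salt) for r in records],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_DUMP)
    print(f"records: {summary['total']}, with phone: {summary['with_phone']}")
    for name, n in sorted(summary["fields"].items()):
        print(f"  {name}: {n}/{summary['total']}")
```

The per-field presence table is the check that would have caught the "phone" field on first inspection; in a real assessment the salt should be a secret kept with the analysis, so the hashed copy cannot be reversed by anyone who obtains the indexed data.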