Advisory ID: NCC-CSIRT-0512-060
Summary: Over 5.4 million Twitter users' data were exposed due to a discoverability-by-phone-number/email restriction bypass vulnerability that was publicized on a hacker forum. Attackers are exploiting the vulnerability to find a Twitter account by its phone number or email address even if the user has prohibited this in the privacy settings.
Vulnerable Platform(s):
Twitter social networking platform
Threat Type:
- Phishing
Product: Android Client of Twitter
Version: All versions
Description: Over 5.4 million Twitter users' data were exposed due to a discoverability-by-phone-number/email restriction bypass vulnerability that was publicized on a hacker forum. Attackers are exploiting the vulnerability to find a Twitter account by its phone number or email address even if the user has prohibited this in the privacy settings.
Consequences:
Compromise of user data and its exposure to the public
Impact/Probability: HIGH/HIGH
Solution:
- Examine any email that claims to be from Twitter carefully.
- Ignore and delete any emails that ask you to log in to a non-Twitter domain and claim that your account has been suspended, that there are login problems, or that you are about to lose your verified status.
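The privacy setting the advisory describes being bypassed, modelled as an added example that is not Twitter's code: a contact lookup that ignores the discoverability setting next to one that honours it and keeps "opted out" indistinguishable from "not registered". All accounts, handles and contact values are constructed, and the simplified directory model is an assumption.

```python
"""Added illustration (not Twitter's code): account lookup by phone/email
with and without the user's discoverability setting enforced."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    handle: str
    email: str
    phone: str                    # canonical form: '+' followed by digits
    discoverable_by_email: bool   # "Let people who have your email find you"
    discoverable_by_phone: bool   # "Let people who have your phone find you"


# Constructed sample directory; no real accounts or contact details.
ACCOUNTS = [
    Account("alice_example", "alice@example.com", "+15550100001", True, True),
    Account("bob_example", "bob@example.com", "+15550100002", False, False),
]


def _canonical(contact: str) -> str:
    """Normalise so formatting variants match: lower-case emails, strip
    spaces/dashes/parentheses from phone numbers."""
    c = contact.strip().lower()
    if "@" in c:
        return c
    return "+" + "".join(ch for ch in c if ch.isdigit())


def lookup_ignoring_setting(contact: str) -> Optional[str]:
    """The flawed behaviour the advisory describes: the contact-to-account
    mapping is returned regardless of the privacy setting, so anyone holding
    a phone number or email can tie it to a handle."""
    c = _canonical(contact)
    for a in ACCOUNTS:
        if c in (a.email.lower(), a.phone):
            return a.handle
    return None


def lookup_honouring_setting(contact: str) -> Optional[str]:
    """Hardened lookup: a handle is returned only when the owner opted in to
    being found via that channel. 'Opted out' and 'not registered' both yield
    None, so the response is not an oracle for whether the contact exists."""
    c = _canonical(contact)
    for a in ACCOUNTS:
        if "@" in c and c == a.email.lower() and a.discoverable_by_email:
            return a.handle
        if "@" not in c and c == a.phone and a.discoverable_by_phone:
            return a.handle
    return None
```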