← Back to News List

Account Data Breach: Twitter

Hackers list database of 5.4 million records for sale

In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of email addresses and phone numbers of millions of users of the social platform. In a disclosure notice later shared in August 2022, Twitter advised that the vulnerability was related to a bug introduced in June 2021 and that they are directly notifying impacted customers. The impacted data included either email address or phone number alongside other public information including username, display name, bio, location, and profile photo. The data, which included the information on 5.4 million accounts, was posted for sale with an asking price of more than $30,000.

Of the accounts listed, approximately 56 UMBC accounts were indicated in this potential breach. The victims are being notified via their UMBC emails. If you have an account with Twitter, please contact them to see if you have been affected by this breach.

More information on the Twitter potential breach (and subsequent extortion attempts) can be seen at an article from Bleeping Computer: https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/

If you have any questions or concerns, please email us at security@umbc.edu. Information about this potential breach was provided to us by Have I Been Pwned (HIBP): https://haveibeenpwned.com.

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Tags:

Posted: October 19, 2022, 3:23 PM