Recently, Twitter confirmed their serious data leak. Now, the “Have I Been Pwned” project has added around 6.7 million records.
At the beginning of January this year (2022), around 5.4 million data records were stolen from Twitter due to a security gap. After the company confirmed the leak last week and wanted to inform the affected users, the “Have I Been Pwned” project has now even added around 6.7 million Twitter records to the database.
The pool of data comprises a total of 6,682,453 data records. These contain the biography, e-mail addresses, geographic location, names, usernames, profile photos, and telephone numbers.
In addition to active accounts, the data breach also contains suspended accounts. If you subtract those approximately 1.4 million accounts, the result matches, allowing for rounding inaccuracies, the total of 5.4 million affected Twitter accounts that the company had already confirmed.
Vulnerability abused in January
The vulnerability became known on January 1 on the HackerOne platform. Its discoverer reported it to Twitter as part of the bug bounty program and received a reward of around $5000. The login process contained an authorization vulnerability that allowed an attacker to associate a Twitter account with private information such as email address and phone number, even though privacy settings should have hidden it.
Although the vulnerability could be exploited with the Twitter app for Android, the error originated on the server side. An unknown attacker apparently collected the data exposed in this way before the gap was closed on January 13 of this year and offered it for sale in July.
Even if the data does not contain passwords, Twitter recommends enabling multi-factor authentication (MFA). Thanks to the integration into the “Have I Been Pwned” database, you can now check for yourself whether your own email address is affected.
Those affected should be careful with incoming SMS or emails, for example – cybercriminals often use this type of information to make phishing attacks look more authentic and thus persuade victims to disclose other sensitive data such as passwords or MFA responses.
How to Check Your Data’s Security Using “Have I Been Pwned”
The website can send email notifications about new data breaches and indicate whether your log-in information, financial information or other details have been stolen or leaked online.
The majority of Americans have experienced data breaches over the past few years, which have resulted in illegal access to login passwords, financial information, and personal data that can be utilized by fraudsters.
Knowing which of your accounts have been impacted is crucial for tightening up your online security. You can do that work at the no-cost website Have I Been Pwned, a source that many security professionals highly recommend. “Pwn” is hacker slang for hacking or seizing control of a computer or application.
The website was developed by Australian digital security expert Troy Hunt and analyzes data from millions of compromised accounts and hundreds of breaches, whose information is frequently shared online and sold by criminals. You can input an email address or phone number on the website to see if it has been used in any of the data breaches the site monitors. After that, you can modify your passwords and adopt further security measures.
Have I Been Pwned has been recommended by Consumer Reports for years, and security-conscious consumers may have already utilized it! The website has, however, gradually grown more stable, introducing new services and growing its records of compromised data. And, regrettably, data breaches keep happening. Therefore, even if you have already visited the site, it is still worthwhile.
The Options Have I Been Pwned Gives You
Both first-time users and frequent visitors can use the site’s numerous features.
Look up the information you need
You can use Have I Been Pwned to find out if your personal information has been compromised. You can access a list of data breaches connected to your email address or phone number by entering those details. The website will also disclose details about each data breach, including the date it occurred, the name of the organization that was affected, the type of data exposed, how the breach was detected, and the number of accounts implicated.
Data breaches that Hunt deems sensitive—such as those on adult websites—are by default not publicly searchable. Only those people who sign up to get email notifications are given access to such specifics.
Advice from Troy Hunt on How to Stay Safe
Have I Been Pwned is a helpful tool for learning if a data breach has affected you, but it’s preferable to prevent the issue by securing your accounts! Enabling multifactor authentication and utilizing a password manager to create and store strong passwords are two crucial steps, according to Hunt.
If you do that, you might be able to obtain Hunt’s data without going to his website. Using the Watchtower function of the password manager 1Password, which costs $3 per month and up, you can check your passwords against a list of compromised passwords maintained by Have I Been Pwned. 1Password will then advise you which passwords need to be changed immediately.
Additionally, Have I Been Pwned data is utilized by browser add-ons like Okta’s PassProtect for Chrome.
According to Hunt, one of the top applications of Have I Been Pwned is finding out how much information you’re revealing online. “Almost everyone can practice a little amount of data minimization,” he claims. “Do you have to provide your date of birth to a website that requests it, for instance? What benefit do you personally gain from disclosing your date of birth?”
Consider withholding it if the website doesn’t actually require it in order to give you the service you require, he advises.