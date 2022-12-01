Expert Comment: Delinea: Twitter Users Phone Numbers shared online

November 2022 by Joseph Carson, Advisory CISO and Chief Security Scientist chez Delinea

In the news today, Twitter confirmed that over 5.4 million Twitter user records containing non-public information, was previously stolen and fixed in January, but that the records have been shared for free on a hacker forum. Another potentially more significant data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused this bug was by threat actors.

Joseph Carson, Chief Security Scientist at Delinea points out that “This particular attack has just been acknowledged by Twitter. The public disclosure of Twitter users’ phone numbers enables an attacker to attempt to bypass 2FA or MFA, if enabled.

Mobile phone numbers are just one step in the attack path to targeting users through MFA fatigue, but attackers may take the easy path and sell the data on to scammers to make themselves a bit of money.”