Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 25-Nov-2022 14:53:44 JST Marcus Hutchins :verified:

I'm skeptical to call stuff like this a data breach. If you enable the setting to allow people to find your account via your email or phone number, then people can find your account via your email or phone number. Yes, ideally the platform should prevent simply bruteforcing random email addresses and phone numbers to correlate them to accounts, but this is expected behavior. With enough resources you can always perform such correlations regardless.
In conversation Friday, 25-Nov-2022 14:53:44 JST from infosec.exchange permalink
Attachments
1. Tweet from Chad Loder: "BREAKING: I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021. This Twitter data breach has not been reported before. Any Twitter account with "Let others find you by your phone" enabled in Discoverability settings is affected. All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers."
  https://media.infosec.exchange/infosecmedia/media_attachments/files/109/400/596/300/545/254/original/957fcbd8868e6c05.png
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Friday, 25-Nov-2022 14:53:37 JST Matt Blaze
  in reply to
  - Kevin Beaumont
  - namazso
  @namazso @malwaretech @GossiTheDog you know what I have little patience for as I get more experience in infosec? Blaming users for failing to understand the implications of obscure, poorly understood options.
  
  In conversation Friday, 25-Nov-2022 14:53:37 JST permalink
- Embed this notice
  namazso@mastodon.cloud's status on Friday, 25-Nov-2022 14:53:39 JST namazso
  in reply to
  - Matt Blaze
  - Kevin Beaumont
  @mattblaze @GossiTheDog @malwaretech See if you configured your twitter to be findable by phone number. If you did then either you are or you will be part of such dataset. If you make something public, expect it to be scraped.
  
  In conversation Friday, 25-Nov-2022 14:53:39 JST permalink
  
  kemuri ? repeated this.
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Friday, 25-Nov-2022 14:53:40 JST Matt Blaze
  in reply to
  - Kevin Beaumont
  @GossiTheDog @malwaretech I think there's room to quibble about what to call it, as I said. But if my data were scraped that way and appearing in a dataset, I'd appreciate knowing.
  
  In conversation Friday, 25-Nov-2022 14:53:40 JST permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 25-Nov-2022 14:53:41 JST Kevin Beaumont
  in reply to
  - Matt Blaze
  @mattblaze @malwaretech it should, maybe, not be presented as a 'breaking massive data breach'.
  
  In conversation Friday, 25-Nov-2022 14:53:41 JST permalink
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Friday, 25-Nov-2022 14:53:43 JST Matt Blaze
  in reply to
  
  @malwaretech I think we can quibble about what to call it, but the fact that such a massive scraping actually occurred seems notable.
  
  In conversation Friday, 25-Nov-2022 14:53:43 JST permalink

Public

Conversation

Notices

Feeds