Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/malwaretech/statuses/109400620471576578">Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 25-Nov-2022 14:53:44 JST</a><a href="https://infosec.exchange/@malwaretech" title="malwaretech@infosec.exchange"><img src="https://gnusocial.jp/avatar/23829-48-20240130185139.webp" width="48" height="48" alt="Marcus Hutchins :verified:" style="position: absolute; left: 0; top: 0;">Marcus Hutchins :verified:</a></section><article><p>I'm skeptical to call stuff like this a data breach. If you enable the setting to allow people to find your account via your email or phone number, then people can find your account via your email or phone number. Yes, ideally the platform should prevent simply bruteforcing random email addresses and phone numbers to correlate them to accounts, but this is expected behavior. With enough resources you can always perform such correlations regardless.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/672148#notice-1060035">In conversation</a><time datetime="2022-11-25T14:53:44+09:00" title="Friday, 25-Nov-2022 14:53:44 JST">Friday, 25-Nov-2022 14:53:44 JST</time> <span>from <span><a href="https://infosec.exchange/@malwaretech/109400620471576578" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@malwaretech/109400620471576578">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/378409">Tweet from Chad Loder: "BREAKING: I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US.I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021. This Twitter data breach has not been reported before.Any Twitter account with "Let others find you by your phone" enabled in Discoverability settings is affected.All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers."</a></label><br><a href="https://media.infosec.exchange/infosecmedia/media_attachments/files/109/400/596/300/545/254/original/957fcbd8868e6c05.png" rel="external">https://media.infosec.exchange/infosecmedia/media_attachments/files/109/400/596/300/545/254/original/957fcbd8868e6c05.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 25-Nov-2022 14:53:44 JST Marcus Hutchins :verified:
I'm skeptical to call stuff like this a data breach. If you enable the setting to allow people to find your account via your email or phone number, then people can find your account via your email or phone number. Yes, ideally the platform should prevent simply bruteforcing random email addresses and phone numbers to correlate them to accounts, but this is expected behavior. With enough resources you can always perform such correlations regardless.
In conversationFriday, 25-Nov-2022 14:53:44 JST from infosec.exchangepermalink
Attachments
1. Tweet from Chad Loder: "BREAKING: I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US. I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021. This Twitter data breach has not been reported before. Any Twitter account with "Let others find you by your phone" enabled in Discoverability settings is affected. All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers."
  https://media.infosec.exchange/infosecmedia/media_attachments/files/109/400/596/300/545/254/original/957fcbd8868e6c05.png

Public

Embed Notice

HTML Code

Corresponding Notice