Twitter accounts for sale (buying Twitter secondary accounts)
Twitter said it is investigating the authenticity of a batch of information connected to 5.4 million accounts that is being sold on a hacking forum.
First reported by RestorePrivacy, the hacker – going by the name “devil” – is offering email addresses and phone numbers connected to the accounts. The hacker claimed in the post on Breach Forums that the accounts range from “celebrities, companies, randoms, OGs, etc.”
Researchers immediately tied the post to a vulnerability in Twitter’s platform that was discovered in January by a security researcher who reported the issue through the HackerOne site.
The researcher explained that the vulnerability allowed an attacker to “find a twitter account by its phone number/email even if the user has prohibited this in the privacy options.”
“The vulnerability allows any party without any authentication to obtain a twitter ID of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings. The bug exists due to the process of authorization used in the Android Client of Twitter, specifically in the process of checking the duplication of a Twitter account,” the researcher, who goes by “zhirinovskiy,” explained.
“This is a serious threat, as people can not only find users who have disabled discoverability by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior. Such bases can be sold to malicious parties for advertising purposes, or for the purposes of targeting celebrities in different malicious activities. Short: this can lead to a loss of privacy for many users.”
Twitter acknowledged the issue on January 6, paid a $5,040 bounty and resolved the vulnerability by January 13. The researcher confirmed that the vulnerability was fixed that same day.
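The flaw the researcher describes, sketched as an added Python example that is not from the original article or from Twitter's code base: a duplicate-account check that hands back the account ID, beside a version that returns no identifier and rate-limits lookups per client. The account data, function names and limits are assumptions made for illustration.

```python
# Added illustration: every name and value here is hypothetical, not Twitter's code.
import time
from collections import defaultdict, deque

# Constructed sample accounts: identifier -> (account id, discoverable by email/phone?)
ACCOUNTS = {
    "alice@example.com": (1001, True),
    "+15550100": (1002, False),  # this user opted out of discoverability
}

def duplicate_check_vulnerable(identifier):
    """Flawed pattern: unauthenticated, ignores the privacy flag, returns the ID."""
    record = ACCOUNTS.get(identifier)
    return {"taken": record is not None, "user_id": record[0] if record else None}

class DuplicateCheck:
    """Hardened pattern: no account ID in the response, per-client sliding-window limit."""

    def __init__(self, max_lookups=5, window_s=60.0, clock=time.monotonic):
        self.max_lookups, self.window_s, self.clock = max_lookups, window_s, clock
        self.history = defaultdict(deque)  # client key -> timestamps of recent lookups

    def check(self, client_key, identifier):
        now = self.clock()
        seen = self.history[client_key]
        while seen and now - seen[0] > self.window_s:
            seen.popleft()  # drop lookups that fell out of the window
        if len(seen) >= self.max_lookups:
            return {"status": "rate_limited"}
        seen.append(now)
        # Signup only needs to know the identifier is unavailable, never whose it is.
        # Existence is still visible, so the rate limit is what bounds enumeration.
        return {"status": "ok", "taken": identifier in ACCOUNTS}
```
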
RestorePrivacy verified with the hacker “devil” that the information in the database is legitimate and was told that they are selling it for “nothing lower than 30k.”
On Friday, a Twitter spokesperson told The Record that the company is “reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”
“We received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability. As always, we’re committed to protecting the privacy and security of the people who use Twitter,” the Twitter spokesperson said.
“We’re grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this. We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.”
Twitter did not respond to requests for comment about what would be done for the accounts in question once they confirm the database has legitimate information.
Be as careful at the end as at the beginning, and nothing will fail.
(Tao Te Ching, Chapter 64)
This article is translated from:
https://therecord.media/twitter-investigating-authenticity-of-5-4-million-accounts-for-sale-on-hacking-forum/
