A security vulnerability on Twitter allowed a bad actor to trace account names associated with certain email addresses and phone numbers (and yes, this could include your secret celebrity Stan accounts), Twitter confirmed on Friday. Twitter initially resolved the issue in January after receiving a report through its bug bounty program, but a hacker managed to exploit the flaw before Twitter became aware of it.
The vulnerability, which stemmed from an update to the platform's code made in June 2021, went unnoticed until earlier this year. This gave hackers several months to exploit the flaw, although Twitter said it had “no evidence to suggest anyone exploited the vulnerability” at the time of its discovery.
A report last month from Bleeping Computer suggested otherwise, and revealed that a hacker managed to exploit the vulnerability while it flew under Twitter’s radar. The hacker allegedly took advantage of the flaw to collect a database of more than 5.4 million accounts, and then tried to sell the information for $30,000 on a hacker forum. After analyzing data posted on the platform, Twitter confirmed that its user data had been compromised.
It’s still unclear exactly how many users have been affected, and Twitter doesn’t even know. While Twitter says it plans to notify affected users, it “has not been able to confirm every account that is likely to be affected.” Twitter advises anyone concerned about their secret accounts to enable two-factor authentication, and to avoid attaching a publicly known email address or phone number to any account they do not want associated with them.