Hackers exploit Twitter vulnerability to expose 5.4 million accounts


Twitter revealed on Friday that a now-patched zero-day bug was being used to link phone numbers and emails to user accounts on the social media platform.

“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person which Twitter account the submitted email address or phone number was associated with, if any,” the company said in a statement.
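The behaviour described above is an account-enumeration oracle: a lookup that confirms which account an identifier belongs to. The following is an added illustration, not Twitter's code, with a constructed account table and constructed log lines; it contrasts the leaky response with a uniform one and shows a simple detection over access logs for bulk probing of such an endpoint.

```python
"""Added illustration (hypothetical data, not Twitter's code): an endpoint
that reveals which account an email or phone belongs to, its hardened form,
and a detector for sources that probe many distinct identifiers."""
from collections import defaultdict

# Constructed sample account table: identifier -> handle.
ACCOUNTS = {
    "alice@example.com": "@alice",
    "+15550100": "@bob",
}

def lookup_vulnerable(identifier: str) -> dict:
    """Leaky behaviour as described in the advisory: the response tells the
    caller whether the identifier is registered and to which account."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"found": False}
    return {"found": True, "account": handle}

def lookup_hardened(identifier: str) -> dict:
    """Same request, uniform response: the caller learns nothing about
    whether the identifier is registered. Any follow-up (e.g. a verification
    message) goes out of band to the identifier itself, never in the reply."""
    _ = ACCOUNTS.get(identifier)  # used internally only; never echoed back
    return {"status": "If this identifier is registered, we will contact it."}

def flag_enumerators(log_lines, threshold=3):
    """Detection over constructed access-log lines of the form 'src_ip identifier'.
    Sources that query more distinct identifiers than the threshold are the
    footprint of bulk scraping against a lookup endpoint."""
    seen = defaultdict(set)
    for line in log_lines:
        src, ident = line.split()
        seen[src].add(ident)
    return sorted(src for src, ids in seen.items() if len(ids) > threshold)

SAMPLE_LOG = [  # constructed
    "203.0.113.7 a@example.com",
    "203.0.113.7 b@example.com",
    "203.0.113.7 c@example.com",
    "203.0.113.7 +15550101",
    "198.51.100.2 alice@example.com",
]
```

The hardened handler should also be rate-limited per source, since a uniform reply removes the oracle but not the request volume that the detector keys on.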

Twitter said the bug, which it was notified of in January 2022, resulted from a code change implemented in June 2021. No passwords were exposed as a result of the incident.

The six-month delay in making this public stems from new evidence last month that an unidentified actor may have exploited the flaw before it was fixed to scrape user information and sell it for a profit on Breached Forums.

While Twitter has not disclosed the exact number of users affected, the threat actor's forum post indicates that the flaw was exploited to compile a list of allegedly more than 5.48 million user account profiles.

RestorePrivacy, which revealed the breach late last month, said the database was being sold for $30,000.

Twitter stated that it is in the process of directly notifying account owners affected by the issue, while also urging users to enable two-factor authentication to protect against unauthorized logins.

The development comes as Twitter agreed in May to pay a $150 million fine to settle a lawsuit from the U.S. Department of Justice alleging that between 2014 and 2019, the company used information that account holders had provided for security authentication for advertising purposes without their permission.