A Twitter security vulnerability allowed a bad actor to learn the account names associated with certain email addresses and phone numbers (and yes, that could include your secret celebrity accounts), Twitter confirmed on Friday. Twitter initially patched the issue in January after receiving a report through its bug bounty program, but a hacker managed to exploit the flaw before Twitter knew about it.
The vulnerability, which resulted from an update the platform made to its code in June 2021, went unnoticed until earlier this year. That gave hackers several months to exploit the flaw, although Twitter said it had “no proof to suggest anybody exploited the vulnerability” at the time of its discovery.
Last month’s report from Bleeping Computer suggested otherwise and revealed that a hacker managed to exploit the vulnerability while flying under Twitter’s radar. The hacker allegedly amassed a database of more than 5.4 million accounts by taking advantage of the flaw and then tried to sell the information on a hacker forum for $30,000. After reviewing the data posted on the forum, Twitter confirmed that its user data had been compromised.
However, it’s unclear how many users were actually affected, and Twitter doesn’t seem to know either. While Twitter says it plans to notify affected users, it’s not “in a position to verify each account that was potentially affected.” Twitter advises anyone concerned about their secret accounts to turn on two-factor authentication, as well as attach a private email address or phone number to the account they don’t want to be associated with.