Twitter has fixed a security vulnerability that exposed information of 5.4 million Twitter accounts. According to a TechCrunch report, they were listed for sale on a cybercrime forum. Twitter received a report through its bug bounty programme of a vulnerability in systems in January 2022.
The microblogging site said in a blog post the vulnerability allowed users to discover Twitter accounts by entering a phone number or an email address of a user exposing the identities of pseudonymous accounts. Twitter fixed the bug and said it had resulted from an update to its code in June 2021.
TechCrunch reported that the breach was similar to a vulnerability in late 2019 that allowed a security researcher to match 17 million phone numbers to Twitter accounts.
Twitter learnt about the exploitation through a press report in July 2022, which found a listing on a cybercrime forum claiming to have user data and offering to sell the information compiled. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said.
Here is how to protect your Twitter account
Twitter recommends users enable 2-factor authentication to protect accounts from unauthorised logins. The microblogging site added, “We recommend not adding a publicly known phone number or email address to your Twitter account.”
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.