Twitter confirmed the information on the company’s blog on Friday, saying a bad actor exploited the 0-day vulnerability before the company became aware of it and patched it in January 2022. The vulnerability was discovered by a security researcher who reported it to Twitter through the company’s bug bounty program.
Incident affects over 5 million Twitter users
When Twitter first learned of the bug, the company said there was “no evidence” that the bug had been exploited. However, someone told BleepingComputer last month that they had exploited the flaw to gain access to data on more than 5.4 million accounts. Twitter said it could not confirm how many users were affected by the leak. The vulnerability allows an attacker to see if an email address or phone number is associated with an existing Twitter account. They can use this information to identify the account owner.
“We’re releasing this update because we’re unable to identify every account that may be affected, and are paying particular attention to anonymous accounts that may be targeted by states or other actors. If you’re running a Twitter account with a nickname, we’re aware of the risk that the incident may pose, and deeply regret that it happened,” Twitter said.
Twitter said it will directly notify any account owner that it can confirm was affected by the leak. For users trying to hide their identities, the company advises against adding public phone numbers or email addresses to their accounts. The company is also advising users to add two-factor authentication to their accounts.