Twitter confirms that a data breach has affected millions of accounts

On 5th August 2022, Twitter released a security advisory saying,

“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.”

“This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.”

Twitter says it cannot determine exactly who has been affected, but it will notify the account owners who are affected by this breach. According to BleepingComputer, a cybersecurity news platform, threat actors gathered the data of around 5,485,636 Twitter users.

This vulnerability allowed threat actors to gather information such as phone numbers and email addresses, along with scraped public information such as follower counts, screen name, login name, location, profile picture URL, and other information. This data helped in creating profiles of 5.4 million Twitter users in December 2021.
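The behaviour the advisory describes is an account-enumeration oracle: the response to a submitted email address or phone number reveals which account it belongs to. The following is an added example, not Twitter's code, that puts that leaking lookup beside a hardened form which returns the same body for every identifier and throttles clients that submit many distinct identifiers. The account store, function names, response text and throttle thresholds are all assumptions made for illustration.

```python
import time
from collections import defaultdict

# Constructed sample data: identifier (email or phone) -> account handle.
ACCOUNTS = {"alice@example.com": "@alice_pseudonym", "+15550100": "@bob"}

GENERIC = {"status": "ok", "message": "If an account matches, we have sent it instructions."}
MAX_DISTINCT = 3        # assumed policy: distinct identifiers per client per window
WINDOW_SECONDS = 3600   # assumed window length

outbox = []                  # out-of-band messages addressed to the account owner
_seen = defaultdict(dict)    # client_id -> {identifier: first_seen_timestamp}


def lookup_leaky(identifier):
    """Behaviour the advisory describes: the response names the linked account."""
    return {"status": "ok", "account": ACCOUNTS.get(identifier)}


def _throttled(client_id, identifier, now):
    """True once a client exceeds MAX_DISTINCT distinct identifiers in the window."""
    seen = _seen[client_id]
    for ident, ts in list(seen.items()):
        if now - ts > WINDOW_SECONDS:
            del seen[ident]          # forget submissions older than the window
    seen.setdefault(identifier, now)  # repeats of one identifier count once
    return len(seen) > MAX_DISTINCT


def lookup_uniform(client_id, identifier, now=None):
    """Hardened form: identical body whether or not the identifier is registered."""
    now = time.time() if now is None else now
    if _throttled(client_id, identifier, now):
        return {"status": "rate_limited"}
    handle = ACCOUNTS.get(identifier)
    if handle is not None:
        # The owner learns of the request; the requester learns nothing.
        outbox.append((identifier, handle))
    return dict(GENERIC)
```

In a real service the response time and status code must also be the same for registered and unregistered identifiers, otherwise the oracle survives as a side channel.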

“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.” Twitter warns all users.

Twitter encourages users to:

  • Enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins.
  • If you operate a pseudonymous Twitter account, keep your identity as anonymous as possible by not adding a publicly known phone number or email address to your Twitter account.

May 21st, 2024
