HomeNewsTwitter Fixes vulnerability that could have exposed over 5 million accounts.

Twitter Fixes vulnerability that could have exposed over 5 million accounts.

Twitter Fixes vulnerability that could have exposed over 5 million accounts.

Twitter says it has closed a security hole that allowed hackers to collect data on more than 5 million accounts and then sell it on a well-known underground marketplace for cybercrime.

Because of this flaw, the real identities of people behind pseudonymous accounts on Twitter could have been revealed if they had entered the phone number or email address of a known user.

In a brief statement released on Friday, the microblogging giant explained that its “systems would tell the person what Twitter account, if any, the submitted email addresses or phone numbers were associated with.”

Six months after the bug was introduced to Twitter’s codebase, in January, it was finally patched thanks to a bug bounty report by a security researcher who was paid $6,000 for reporting the flaw.

The bug bounty report stated that this flaw could be exploited to “create a database” or “enumerate a big chunk of the Twitter user base,” and thus posed a “serious threat” to users with private or pseudonymous accounts. This is very similar to a bug that was found at the end of 2019 and allowed a security researcher to link 17 million phone numbers to their respective Twitter accounts.

The scientist’s warning, however, arrived too late. Within that six-month window, hackers were able to compile a list of 5.4 million Twitter users’ email addresses and phone numbers.

Twitter said it found out about the abuse through an unnamed media report in July. The report uncovered a listing on a cybercrime forum boasting to have user data “from celebrities to companies,” as well as “OGs,” which are unique or highly sought-after social media and gaming usernames.

Twitter said that it had “confirmed that a bad actor had taken advantage of the issue before it was addressed” after reviewing a sample of the data for sale. All users whose accounts we are able to verify as being compromised will be notified directly.

It’s the most recent Twitter security breach in recent memory. When users set up two-factor authentication on Twitter, the company obtained their phone numbers and emails and then used them for targeted advertising without their permission, prompting Twitter to settle with the Federal Trade Commission in May for $150 million.


Follow Tech n Spice on TwitterFacebook and subscribe to our YouTube channel for the latest videos tech newsleakstips & tricks, top-notch gadget reviews of the most interesting releases, and some Automobile NewsAlso, follow us on Google News for the latest updates.

DisclosureSome of the links in the website are affiliate links, meaning that at no additional cost to you but, we will receive a commission if you click through and make a purchase.

I am a Tech Enthusiastic fond of new gadgets. I always strive to be Simple and unbiased in my Content. My hobbies are to watch movies and videography.



Related Stories