Hackers Exploit Twitter Vulnerability to Expose 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform.

“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” the company said in an advisory.

Twitter said the bug, which it was made aware of in January 2022, stemmed from a code change introduced in June 2021. No passwords were exposed as a result of the incident.

The six-month delay in making this public stems from new evidence last month that an unidentified actor had potentially taken advantage of the flaw before the fix to scrape user information and sell it for profit on Breach Forums.

Although Twitter didn’t reveal the exact number of impacted users, the forum post made by the threat actor shows that the flaw was presumably exploited to compile a list containing allegedly over 5.48 million user account profiles.

Restore Privacy, which disclosed the breach late last month, said the database was being sold for $30,000.

Twitter stated it’s in the process of directly notifying account owners affected by the issue, while also urging users to turn on two-factor authentication to secure against unauthorized logins.

The development comes as Twitter, in May, agreed to pay a $150 million fine to settle a complaint from the U.S. Justice Department that alleged the company between 2014 and 2019 used information account holders provided for security verification for advertising purposes without their consent.

