Twitter confirms vulnerability exposed data of anonymous account owners

Twitter has confirmed that a vulnerability in its code led to data exposure late last year. In a blog post published on Friday, the company said a malicious actor took advantage of a zero-day flaw before Twitter became aware of it and patched the problem in January 2022. The vulnerability was discovered by a security researcher who contacted Twitter via the company's bug bounty program.

When Twitter first learned of the flaw, it said it had "no evidence" to suggest it had been exploited. However, one person told Bleeping Computer last month that they took advantage of the vulnerability to obtain data on more than 5.4 million accounts. Twitter said it could not confirm the number of users affected by the exposure. The vulnerability allowed the bad actor to determine whether an email address or phone number was linked to an existing Twitter account. In turn, they could use this information to determine the identity of an account's owner.

"We are issuing this update because we are unable to confirm all potentially impacted accounts, and are particularly mindful of individuals with pseudonymous accounts who may be targeted by the state or other actors," said Twitter. "If you are operating a pseudonymous Twitter account, we understand the risks an incident like this can introduce and we deeply regret that this has happened."

Twitter said it would directly notify any account owners it could confirm were affected by the exposure. For users trying to keep their identity hidden, the company recommends not adding a publicly known phone number or email address to an account. It also suggests adding two-factor authentication.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission.
