By Trend
Twitter said on Friday that it has fixed a security
vulnerability that allowed threat actors to compile information on
5.4 million Twitter accounts, Trend reports, citing Xinhua.
The vulnerability allowed anyone to enter a phone number or an
email address of a known user and learn if it was tied to an
existing Twitter account, potentially exposing the identities of
pseudonymous accounts.
In a statement released on Friday, the company said, “if someone
submitted an email address or phone number to Twitter’s systems,
Twitter’s systems would tell the person what Twitter account the
submitted email addresses or phone number was associated with, if
any.”
The bug resulted from an update to code in June 2021. After a
bug bounty report by a security researcher, the company
investigated and fixed it in January, Twitter said in the
statement.
According to the bug bounty report, the vulnerability posed a
“serious threat” to users who have private or pseudonymous
accounts, and could be used to “create a database” or enumerate “a
big chunk of the Twitter user base.”
