Twitter Admits Data Breach Compromised Anonymous Accounts
Twitter has released an official statement admitting that it was unable to confirm the number of profiles exposed, but expects the figure to top 5.4 million.
Twitter has released a statement acknowledging that in December 2020, a coding error resulted in a data breach of user information. A hacker exploited the flaw before it was discovered and subsequently patched in January 2022.
The vulnerability allowed malicious actors to submit an email address or phone number to check whether it was associated with an existing Twitter account. Hackers could then obtain the associated account ID, linking the email address or phone number to that account.
A researcher uncovered the coding flaw through Twitter’s Bug Bounty program. The social media giant claimed that the vulnerability hadn’t been exploited before engineers were made aware of the issue. However, a hacker who contacted the website Bleeping Computer disputed the official narrative, claiming to have gained access to over 5.4 million user accounts via the flawed code and offering to sell the data for $30,000.
After reviewing the compiled database, Twitter responded with an official statement:
“Because we can’t verify every account that may have been affected, we’re releasing this alert because we’re particularly concerned about people using pseudonymous accounts who may be targeted by the state or other actors. If you use a pseudonymous Twitter account, we realize the hazards that an occurrence like this might bring and we profoundly regret that this happened.”
Owners of accounts that have been compromised due to the data breach will be notified by direct message from Twitter, with the company advising those who wish to remain anonymous online not to associate a publicly available email or phone number with their account.
Because two or more individuals have already purchased and gained access to the leaked data, users should be wary of targeted phishing scams trying to gain access to login credentials. Although no passwords were revealed during the initial breach, Twitter advises all users to adopt two-factor authentication for an extra layer of security.