Twitter recently admitted that a vulnerability in its platform code led to a data breach late last year. Malicious hackers allegedly exploited the zero-day vulnerability before Twitter became aware of it in January and patched it. The researcher who initially discovered the vulnerability reported the issue to Twitter through a bounty program, but after an investigation Twitter concluded that there was “no evidence” that the vulnerability had been exploited. But then someone revealed to Bleeping Computer that he had actually used this vulnerability to obtain data on more than 5.4 million Twitter accounts. The exploit allows hackers to determine whether an email address or phone number is associated with an existing Twitter account, which in turn can be used to identify the account owner.
Twitter said it could not confirm the actual scope of the leak. “The reason we’re releasing this update is because we’re unable to identify every account that may be affected, and especially those with pseudonymous accounts that may be targeted by certain countries or malicious actors,” Twitter wrote. “If you are using a pseudonymous account, we are well aware of the risks this type of incident can pose and we deeply regret that this happened.”
Next, Twitter will directly notify each account holder that may be exposed. For those who wish to hide their identity, it recommends not adding a public phone number or email address to the account, and enabling two-step verification for safety.