QUICK LINKS

×
  • Tech - News - Tech Companies
  • Updated: August 05, 2022

Twitter Resolves Security Flaw That Exposed At Least 5.4 Million Accounts

Latest News

Lawrence Agbo
Lawrence Agbo

Lawrence is a vibrant journalist that loves creating SEO-focused content that drives businesses. ...

More From this Author

Social media giant Twitter claims to have patched a security hole that allowed threat actors to gather data from 5.4 million accounts that were offered for sale on a well-known marketplace for cybercrime.

The flaw potentially exposed the real identities of pseudonymous accounts by allowing anyone to enter a known user's phone number or email address and find out if it was connected to an active Twitter account.

Twitter claimed in a succinct statement released on Friday that "if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email address or phone number was associated with if any.

"Six months after the flaw was first added to Twitter's software, the company says it was addressed in January as a result of a bug bounty report from a security researcher who received $6,000 for revealing the vulnerability.

The vulnerability could be used to "build a database" or count "a significant portion of the Twitter user base," according to the bug bounty report, and posed a risk to users who have private or pseudonymous accounts.

A security researcher was able to link 17 million phone numbers to Twitter accounts thanks to a flaw that was found in late 2019.

However, the researcher's advice was too late.

During that six-month period, hackers had already used the flaw to compile a database of 5.4 million Twitter account email addresses and phone numbers.

According to Twitter, it learned about the exploitation from an unnamed press report published in July that uncovered a listing on a forum for cybercriminals that claimed to have user information on "celebrities to companies" and "OGs," which is a term for unique or highly desired social media and gaming usernames.

“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said. 

“We will be directly notifying the account owners we can confirm were affected by this issue.”

The most recent security incident to affect Twitter in recent years is this one.

Twitter reached a settlement with the Federal Trade Commission in May and agreed to pay $150 million after the business exploited users' phone numbers and email addresses that they provided to set up two-factor authentication for targeted advertising.

Tags

Join our Telegram platform to get news update Join Now
Lawrence Agbo
Lawrence Agbo

Lawrence is a vibrant journalist that loves creating SEO-focused content that drives businesses. ...

More From this Author

COMPANIES PROFILE

afromedia plc Services

Afromedia plc is a Nigeria-based company engaged in outdoor advertising. The com...

LEARN MORE
ikeja hotel plc Services

The company was first founded in 1985,its major objective of the company was to ...

LEARN MORE
medview airline plc Services

Medview airline plc was founded in 2007 as a charter airline, mainly operating H...

LEARN MORE

0 Comment(s)

SPONSORED

Nov 25, 2020

2023 Presidency: Would you vote for APC again in 2023?

2023 Presidency: Would you vote for APC again in 2023?

Yes 27.67%

No 72.33%

135 days 20 hours remain

See this post in...