
Twitter just acknowledged a code flaw that led to a data leak of 5.4 million users



Twitter just confirmed a vulnerability in its code that led to a data exposure late last year. In a blog post published on Friday, the company said that a malicious actor took advantage of a zero-day flaw before the company became aware of it and patched the issue in January of this year. The flaw was discovered by a security researcher who contacted the company through a bug bounty program.

When the company first learned about the flaw, it said that it had no evidence to suggest that it had been exploited. However, an individual told Bleeping Computer they took advantage of the vulnerability to obtain data on more than 5.4 million accounts. Twitter said that it could not confirm how many users were affected by this exposure. The flaw allowed the bad actor to determine whether an email address or phone number was linked to an existing Twitter account and, in turn, to use that information to determine the identity of an account’s owner. According to a statement by Twitter, “We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors. If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened.”

Twitter said that it would directly notify every account owner it could confirm was affected by this exposure. For users trying to keep their identity hidden, the company recommends not adding a publicly known phone number or e-mail address to an account, and suggests adding two-factor authentication to it.
