Technology and Science

Home » Lifestyle » Technology and Science

Avatar photo

By Faizel Patel

Senior Digital Journalist

3 minute read

8 Aug 2022

04:27 pm

Twitter fixes security flaw which may have exposed over 5 million accounts

Twitter did not share how many accounts were affected, but it did say the breach potentially affected users with pseudonymous accounts.

Photo: iStock

Social media giant Twitter has fixed a new security vulnerability which enabled hackers to find out if a phone number or email address was associated with an existing account by just entering these pieces of information into the log-in flow.

The bug left the identities of millions of secret accounts exposed.

In a blog post, Twitter said it fixed the issue after receiving are report last January, through its bug bounty programme.

“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.”

“This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter said.

ALSO READ: Meta announces expansion of NFT support on Instagram

However, the bug report came too late because some bad actors had already exploited the flaw.

“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”

“According to a Bleeping Computer report, a hacker sold a database containing phone numbers and email addresses tied to 5.4 million accounts via a hacker forum for $30 000.

Android Central reports that Twitter did not share how many accounts were affected, but it did say the breach potentially affected users with pseudonymous accounts.

“The database for sale, according to Bleeping Computer, contains information “about various accounts, including celebrities, companies, and random users.”

Twitter said it will notify account owners affected by this vulnerability.

How to Protect Your Account

“If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened. To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account.

“While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorised logins.

“If you’re concerned about the safety of your account, or have any questions about how we protect your personal information, you can reach out to our Office of Data protection,” Twitter said.

ALSO READ: Twitter tests new “Status” feature

Read more on these topics

hackers Social Media Twitter

Catch up with the latest news from The Citizen on WhatsApp by following our channel. Click here to join.

EDITOR'S CHOICE

News Mapisa-Nqakula asked for state funding in corruption case
Courts Senzo Meyiwa murder suspect thought case was ‘dead’ before DNA sample was taken
Local News Robbers stab pupil outside Pietermaritzburg school
Celebs And Viral ‘Not kiff, siff’ – The Kiffness’ election meme gets Mzansi’s panties in a twist
Courts Controversial businessman Mthunzi Mdwaba told to cough up as UIF contract set aside

Click here to get The Citizen news and updates on Whatsapp.

Find out more

RELATED ARTICLES

Access premium news and stories

Access to the top content, vouchers and other member only benefits

Subscribe