Twitter has fixed a security vulnerability that exposed information on 5.4 million Twitter accounts. According to a TechCrunch report, the exposed data was listed for sale on a cybercrime forum. Twitter received a report of the vulnerability in its systems through its bug bounty programme in January 2022.

The microblogging site said in a blog post that the vulnerability allowed users to discover Twitter accounts by entering a user's phone number or email address, exposing the identities of pseudonymous accounts. Twitter fixed the bug and said it had resulted from an update to its code in June 2021.

TechCrunch reported that the breach was similar to a vulnerability in late 2019 that allowed a security researcher to match 17 million phone numbers to Twitter accounts.

Twitter learnt about the exploitation through a press report in July 2022, which found a listing on a cybercrime forum claiming to have user data and offering to sell the compiled information. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said.

Here is how to protect your Twitter account

Twitter recommends users enable 2-factor authentication to protect accounts from unauthorised logins. The microblogging site added, “We recommend not adding a publicly known phone number or email address to your Twitter account.”
