The saying ‘better late than never’ certainly applies to Twitter, as the company has finally found a solution to a security vulnerability that is the latest to hit the firm in recent years.
Twitter revealed how it got to the bottom of a flaw that was exposing user data belonging to nearly 5.4 million accounts on the app. A number of threat actors managed to bypass the application’s security checkpoints and compile sensitive data.
That information was then being offered for sale on a top cybercrime forum, the company’s new report found.
More details showed how the flaw allowed any individual to exploit it by simply submitting relevant information about a user account, such as the email address or phone number of a known user.
The details were then checked to see whether they were linked to an account on the app and, if so, the technique went on to expose the user identities behind countless accounts.
We found all this out on Friday when Twitter revealed the shocking news via a blog post that shed light on the matter.
The statement said that submitting an email address or phone number to the app’s systems would expose the identity of the linked account, as Twitter’s systems were built in a way that allowed it.
The company therefore warned against such practices and urged people to stay aware of what was happening.
Interestingly, the company revealed how they had actually gone about fixing the bug associated with the same problem in January this year. But six months later, the fact that we’re still talking about it means that things either weren’t done right or the bug really did manage to resurface.
Details of the flaw and its entry into Twitter’s codebase were described by a researcher who was rewarded with $6,000 for the discovery. After that, a report was created that spoke in detail about how serious the threat was to all account holders on the app.
Private account holders were most at risk, and their information could potentially be used to create an entire database.
The incident is similar to one seen during the latter part of 2019, when a security analyst was able to match the phone numbers of almost 17 million users to the corresponding accounts on the app.
But in this case, we certainly think the warning from the researcher came a bit late, as that six-month period was enough for the flaw to leak the user account details of more than 5 million users, which is actually a lot of information.
Twitter recently revealed that it came to know about this exploitation only thanks to a press release that was published last month.
It described the data of Twitter account holders being for sale on an online forum, which raised the alarm for many people, as the site was a known cybercrime destination.
The accounts whose data was sold included ordinary people, celebrities and firms, as well as other in-demand personalities from today’s gaming and social media worlds.
Twitter says it is now busy informing all account holders who may have been affected by the bug.
Clearly, this is a massive incident that has really hit the app hard lately with many users shocked at how easily the bug managed to defeat the security protocols in place.