A Twitter breach has allowed hackers to find the account names and email addresses associated with millions of accounts.
This includes accounts of people who prefer to keep their information pseudonymous, such as whistleblowers and celebrity accounts.
“We want to make you aware of a vulnerability that allowed someone to enter a phone number or email address in the login stream in an attempt to learn whether that information was associated with an existing Twitter account, and if so, which one specific account,” said Twitter in a blog post confirming the attack.
He also said there is nothing users can do to protect their information in this matter, but users should enable two-factor authentication on all accounts to better protect against future breaches.
Twitter received a report earlier this year about a vulnerability in its system where if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the addresses were associated with email address or phone number submitted. , if any.
This bug started in June 2021, with Twitter fixing the problem. The company said at the time that there was no evidence of a malicious individual using the exploit, but that changed in July 2022 when it was reported that information on over 5.4 million accounts was being sold on a hacker forum for $30,000.
“Hello, today I present to you the data collected for many users using Twitter through a vulnerability. (5485636 users to be exact),” the forum post that sells Twitter data reads, as reported by Bleeping Computer. “These users range from celebrities, to companies, to casuals, OGs, etc.”
Twitter says it will “directly notify owners of accounts that we can confirm have been affected by this issue,” adding that it is “publishing this update because we are unable to confirm every account that was potentially affected and are particularly concerned people-conscious. with pseudonymous accounts that may target state actors or others.”
