A security vulnerability on Twitter allowed a bad actor to find out the account names associated with certain email addresses and phone numbers (and yes, that could include your secret celebrity stan accounts), Twitter confirmed on Friday. Twitter initially patched the issue in January after receiving a report through its bug bounty program, but a hacker managed to exploit the flaw before Twitter even knew about it.
The vulnerability, which stemmed from an update the platform made to its code in June 2021, went unnoticed until earlier this year. This gave hackers several months to exploit the flaw, although Twitter said it “had no evidence to suggest someone had taken advantage of the vulnerability” at the time of its discovery.
Last month’s report from Bleeping Computer suggested otherwise, and revealed that a hacker managed to exploit the vulnerability while it flew under Twitter’s radar. The hacker reportedly amassed a database of over 5.4 million accounts by taking advantage of the flaw, and then tried to sell the information on a hacker forum for $30,000. After analyzing the data posted to the forum, Twitter confirmed that its user data had been compromised.
It’s still unclear how many users have actually been affected, though, and Twitter doesn’t seem to know, either. While Twitter says it plans on notifying affected users, it isn’t “able to confirm every account that was potentially impacted.” Twitter advises anyone concerned about their secret accounts to enable two-factor authentication, as well as to attach an email address or phone number that isn’t publicly known to the account they don’t want to be associated with.