8 August 2022

Twitter confirms recent data breach was caused by a vulnerability



Twitter has officially confirmed that a security vulnerability in its code led to the exposure of user information. The company said in a blog post that a malicious actor took advantage of the issue before it was identified and fixed.

“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter's systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter wrote.

In July, media reports emerged that a database containing account details of over 5.4 million Twitter users had been put up for sale on a hacker forum for $30,000. The database included information about various accounts, including those of celebrities, companies, and random users. After analyzing a sample of the data offered for sale, Twitter confirmed that its user data had been compromised.

While Twitter said it is notifying the account owners affected by the breach, the company didn’t disclose the number of impacted users as “we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.”

