8 August 2022

Twitter confirms recent data breach was caused by a vulnerability



Twitter has officially confirmed that a security vulnerability in its code led to the exposure of user information. The company said in a blog post that a malicious actor took advantage of the issue before it was identified and fixed.

“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter's systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability,” Twitter wrote.

In July, media reports emerged that a database containing account details of over 5.4 million Twitter users had been put up for sale on a hacker forum for $30,000. The database included information about various accounts, including those of celebrities, companies, and random users. After analyzing a sample of the data offered for sale, Twitter confirmed that its user data had been compromised.

While Twitter said it is notifying the account owners affected by the breach, the company didn’t disclose the number of impacted users as “we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.”

