Twitter: a hostile actor appears to have taken advantage of a technological flaw that led to 5.4 million accounts data leak

Apps
By Somya Agrawal

According to Twitter, a malicious actor appears to have exploited a technical weakness that put the identities of an undetermined number of owners of anonymous accounts in danger last year. On Friday, it stated that users globally had been disrupted, but it did not support a report that indicated as a result, data on 5.4 million people were made available for purchase online.

The theft is especially troubling because many Twitter users, particularly human rights activists, hide their names in their profiles out of security reasons and/or fear of retaliation from authoritarian authorities. Jeff Kosseff, a data security specialist at the US Naval Academy, tweeted: “This is incredibly bad for anyone who uses anonymous Twitter accounts.”

The bug, according to the company, allowed anyone to determine whether a particular phone number or email address was linked to an active Twitter account during the login process, revealing account owners. No credentials were made public, according to Twitter, and it was not immediately clear how many people might have been affected.

We can confirm that there was a worldwide impact, In an email, a representative of Twitter wrote. “We are unable to determine the exact number of affected accounts or the location of the account holders.”

Twitter addressed the problem in a blog post on Friday in response to a report published last month by the digital privacy advocacy group Restore Privacy that detailed how data allegedly obtained from the vulnerability was being sold on a well-known hacking market for USD 30,000.

A security researcher who discovered the flaw in January also contacted Twitter and allegedly received a $5,000 payment. According to Twitter, the bug, which had been introduced in a June 2021 software update, was swiftly fixed.

As reported in the media, Twitter claimed to have learned about the data sale on the hacker forum and to have “verified that a bad actor had exploited the problem before it was rectified. All account owners whose accounts it can verify were impacted, it claimed, would be immediately notified. The company stated, “We are posting this information because we are unable to confirm every account that was potentially compromised, and we are especially cautious of users using pseudonymous accounts who may be targeted by state or other actors.”

It suggested users not include their email or phone number in their Twitter profile if they wished to keep their identities a secret. The disclosure of the breach coincides with Twitter’s lawsuit against Tesla CEO Elon Musk for attempting to retract his earlier $44 billion deal to buy the San Francisco-based business.


Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More
Somya Agrawal 762 posts

Having an artistic mind, She likes to find her way through words and put her perspectives boldly. She is flexible and open to working under any circumstances and pressure.

You might also like More from author

Advertisement

More Stories

The Major Gaming Trends In 2023

4 Smartphone Hobbies To Try

Mobile Apps and Sites That Help You Play Along with the NBA…

1 of 116

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More