Twitter Screwed Up, Exposing 5.4 Million Accounts

August 05, 2022 at 23:14

Twitter has confirmed that a serious system vulnerability, which allowed a hacker to steal sensitive information such as the phone number and email address linked to an account, was exploited earlier this year and has since been patched. The vulnerability was in Twitter's log-in flow: a bad actor could enter a phone number or email address and find out which Twitter account was associated with it.
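The flaw class described above, where a lookup answers with the account that owns an identifier, is shown here next to a hardened form. This is an added example, not Twitter's code: the function and class names, the sample directory and the rate-limit values are all hypothetical.

```python
import time
from collections import defaultdict, deque

# Constructed sample directory: contact identifier -> account handle.
ACCOUNTS = {
    "+15550100": "@quiet_source",
    "alice@example.com": "@alice",
}

GENERIC = {"status": "ok", "message": "If an account matches, we sent instructions."}


def leaky_lookup(identifier):
    """Flawed pattern: the response reveals which account owns the identifier."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": "not_found"}
    return {"status": "ok", "account": handle}


class HardenedLookup:
    """Same response for every identifier, plus a per-client sliding-window limit."""

    def __init__(self, max_requests=3, window_seconds=60.0, clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock                  # injectable so the limit can be tested
        self.history = defaultdict(deque)   # client id -> request timestamps
        self.outbox = []                    # out-of-band notices, never returned

    def lookup(self, client_id, identifier):
        now = self.clock()
        seen = self.history[client_id]
        while seen and now - seen[0] >= self.window:
            seen.popleft()                  # drop requests older than the window
        if len(seen) >= self.max_requests:
            return {"status": "rate_limited"}
        seen.append(now)
        handle = ACCOUNTS.get(identifier)
        if handle is not None:
            # Notify the owner over the registered channel instead of
            # telling the caller which account matched.
            self.outbox.append((identifier, handle))
        return dict(GENERIC)
```

The hardened form leaves a caller unable to tell a registered identifier from an unregistered one by the response body; response timing has to be kept uniform as well.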

The social media platform was made aware of the incident in January 2022, and a patch was immediately issued, but not before the flaw was abused to steal the data of 5.4 million accounts. Twitter says no passwords were leaked as part of the hack; however, the company has yet to identify all the accounts affected. It will be reaching out to the accounts that it knows were targeted, notifying the owners that their account data was up for grabs on a dark web forum.

While 5.4 million is a staggering number in itself, the risks are high for pseudonymous accounts whose owners want to hide their identity for various reasons. The best example would be whistleblower accounts, which face risks of retaliatory action from deep-pocketed companies as well as state agencies.