Threat actors recently exploited a vulnerability in Twitter and were able to access the database to see information about account owners. According to the micro-blogging site, users who prefer to stay anonymous on the platform are at risk.
In a statement, the company says anyone who has given an email address or phone number is at risk.
“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” Twitter warns in a blog post.
The issue appears to stem from new code introduced in June 2021. Twitter says this new code was vulnerable and contained a bug that initially went unnoticed by the company. Attackers were able to exploit the bug and target the database. Over the course of a campaign, the hackers gathered information on a reported 5.4 million accounts.
It is worth noting Twitter has not confirmed the exact number of compromised accounts, saying in an email to Gadgets 360 that it cannot “determine exactly how many accounts were impacted or the location of the account holders,” but the company does admit the breach was a global-level attack.
Twitter first learned of the bug through a bug bounty report. After an investigation, the company confirmed the vulnerability and issued a patch for it. However, at the time, Twitter was unaware the bug had already been exploited.
“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled,” Twitter says. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”
Twitter says it will inform all account holders who have been affected by the attack. The company says any user who prefers to stay anonymous behind a pseudonym should take care to protect their identity.
“To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account,” the social media giant advises. “While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins.”