(MENAFN- Trend News Agency)
Twitter said on Friday that it has fixed a security
vulnerability that allowed threat actors to compile information of
5.4 million Twitter accounts, Trend reports citing Xinhua .
The vulnerability allowed anyone to enter a phone number or an
email address of a known user and learn if it was tied to an
existing Twitter account, potentially exposing the identities of
pseudonymous accounts.
In a statement released on Friday, the company said, 'if someone
submitted an email address or phone number to Twitter's systems,
Twitter's systems would tell the person what Twitter account the
submitted email addresses or phone number was associated with, if
any.'
The bug resulted from an update to code in June 2021. After a
bug bounty report by a security researcher, the company
investigated and fixed it in January, Twitter said in the
statement.
According to the bug bounty report, the vulnerability posed a
'serious threat' to users who have private or pseudonymous
accounts, and could be used to 'create a database' or enumerate 'a
big chunk of the Twitter user base.'
Hackers had already exploited the vulnerability before its
fixation to create a database of email addresses and phone numbers
of 5.4 million Twitter accounts, a report by TechCrunch said.
'After reviewing a sample of the available data for sale, we
confirmed that a bad actor had taken advantage of the issue before
it was addressed,' Twitter said. 'We will be directly notifying the
account owners we can confirm were affected by this issue.'
MENAFN05082022000187011040ID1104654521
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.