Twitter fixes security bug that exposed at least 5.4 million accounts
Twitter says it has fixed a security vulnerability that allowed threat actors to compile information of 5.4 million Twitter accounts, which were listed for sale on a known cybercrime forum. The vulnerability allowed anyone to enter a phone number or an email address of a known user and learn if it was tied to an existing Twitter account, potentially exposing the identities of pseudonymous accounts.
In a brief statement published Friday, the microblogging giant said, “if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.” Twitter said it fixed the bug in January — six months after the bug was initially introduced to its codebase — after a bug bounty report by a security researcher, who was awarded $6,000 for disclosing the vulnerability.
Source
@Twitter_Instagram_Tiktok
