Twitter confirmed that a vulnerability in its code caused data to be leaked late last year. In a blog post published Friday, the company said that malicious people exploited the zero-day vulnerability and that it fixed the issue in January of this year. The vulnerability was discovered by a security researcher who contacted Twitter.
When Twitter first learned of the vulnerability, it said it had “no evidence” that it was exploited, but one person told Bleeping Computer last month that they had exploited the vulnerability to obtain data from more than 5.4 million accounts. Twitter said it could not confirm how many users were affected by the exposure.
Twitter Says Anonymous Accounts Could Be Disclosed
The vulnerability allowed malicious people to access a lot of data, starting with whether an email address or phone number was linked to an existing Twitter account. These malicious individuals could then use this information to identify the account holder.
Twitter made the following statements on the subject:
“We’re releasing this update because we’re unable to verify every potentially affected account, and we care specifically about people with aliased accounts that could be targeted by the government or others.
We understand the risks of the current vulnerability if you choose to be anonymous, i.e. a Twitter account that does not reflect your true identity, and we deeply regret that this has happened.”
Twitter said it will directly notify any account holder it can confirm was affected by the exposure. The company advises users trying to keep their identities private not to add a public phone number or email address to an account. It also recommends using two-factor authentication.