Twitter fixes security bug that exposed at least 5.4 million accounts2022-08-09 18:15 by Daniela
On Friday, Twitter disclosed information about a security vulnerability that allowed someone to find out whether a specific email address or phone number is tied to an existing Twitter accounts.
Twitter says the flaw was introduced in a June 2021 update, disclosed by a security researcher in January, and then patched later that month. "At that time," the company says, "we had no evidence to suggest someone had taken advantage of the vulnerability."
Now that's changed. BleepingComputer reports that someone exploited this vulnerability to scrape information about 5.4 million Twitter accounts - including the phone number or email address discovered via this flaw as well as publicly available data - before it was patched.
Twitter will directly inform the users affected by the vulnerability, although they don't have a confirmation on the actual accounts in the database yet. While this isn't an overtly personal leak, like with passwords, this can still affect people by way of phishing or more sophisticated attacks.
Read more -here-