While the company says no passwords were compromised, it continues to encourage users to enable two-factor authentication (2FA) for their accounts, either in the form of authentication apps or hardware keys. A threat hunter reported this vulnerability in January 2022, with Twitter eventually awarding the researcher for the find as part of its bug bounty program. Twitter introduced the vulnerability after updating its code in June 2021. To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account.Īccording to BleepingComputer, the attacker sold the data on twice, saying that “the data would likely be released for free in the future.” Per the Washington Post, cybercriminals exploited an API vulnerability in Twitter’s platform to call up user. If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened. The data that appeared on Breached this week was actually stolen during 2021. It's a bit late now, but Twitter recommends anyone trying to stay anonymous should not tie a publicly known phone number or email to their Twitter account. This is especially worrying for users who want to remain anonymous on the platform. The attacker took advantage of this and created a list containing 5.4 million Twitter users with scraped publicly available details of the accounts, including whether the account was verified. When a person submits a publicly known email address or phone number to Twitter, the system tells this person what Twitter account the email or phone number is associated with. We take our responsibility to protect your privacy very seriously, and it is unfortunate that this happened.” “We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account. Jan 16, 2023, 11:17 AM EST A Twitter user has sued the company over a data breach, days after an internet hacker site posted information allegedly gleaned from more than 200 million accounts. This enabled the attacker to compile a list of 5.4 million Twitter user account profiles. A Twitter user has sued the company over a data breach, days after an internet hacker site posted information allegedly gleaned from more than 200 million accounts. ![]() In December, one hacker claimed to have the personal data of 400 million users for. ![]() Twitter has confirmed that it was breached last month via a now-patched 0-day vulnerability in Twitter’s systems, allowing an attacker to link email addresses and phone numbers to user accounts. A Twitter API vulnerability shipped in June 2021 (and later patched) has come back to haunt the organization.
0 Comments
Leave a Reply. |