Twitter fixes security bug that exposed at least 5.4 million accounts – TechCrunch

Twitter says it has fixed a security vulnerability that allowed threat actors to compile information on 5.4 million Twitter accounts, which were later listed for sale on a known cybercrime forum.

The vulnerability allowed anyone to enter a phone number or an email address of a known user and learn whether it was tied to an existing Twitter account, potentially exposing the identities of pseudonymous accounts.

In a brief statement published Friday, the microblogging giant said, “if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.”
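The lookup behaviour described above is a classic account-enumeration oracle. The added example below (not Twitter's code; the handlers and the sample account directory are constructed for illustration) shows a leaky lookup next to a hardened one that answers identically whether or not the contact is registered, plus a small check a tester can run against any handler to see whether it leaks.

```python
# Added example, not code from Twitter or TechCrunch. Demonstrates an
# email/phone -> account lookup that leaks linkage, and the hardened form.

# Constructed sample directory: contact detail -> handle it is linked to.
ACCOUNTS_BY_CONTACT = {
    "alice@example.com": "@alice_pseudonym",
    "+15555550123": "@alice_pseudonym",
    "bob@example.com": "@bob",
}


def _normalize(contact: str) -> str:
    # Strip whitespace and case so "Alice@Example.com " matches the stored key.
    return contact.strip().lower()


def lookup_vulnerable(contact: str) -> dict:
    """Leaky behaviour: the response reveals both whether the contact is in
    use and which account it belongs to, so anyone holding an email address
    or phone number can link it to a (possibly pseudonymous) handle."""
    handle = ACCOUNTS_BY_CONTACT.get(_normalize(contact))
    if handle is None:
        return {"status": 404, "body": "no account uses this contact"}
    return {"status": 200, "body": f"this contact belongs to {handle}"}


def lookup_hardened(contact: str) -> dict:
    """Fixed behaviour: the response is identical for registered and
    unregistered contacts. The lookup still happens (same code path, same
    work), but its result is used only out-of-band, e.g. to send a message
    to the contact itself, and is never echoed back to the requester."""
    _linked_handle = ACCOUNTS_BY_CONTACT.get(_normalize(contact))
    # In a real service: if _linked_handle is set, queue a message to the
    # contact. Nothing about that decision appears in the response below.
    return {
        "status": 200,
        "body": "if this contact is registered, instructions have been sent to it",
    }


def is_enumeration_oracle(handler, known: str, unknown: str) -> bool:
    """True when the handler's responses let a caller distinguish a
    registered contact from an unregistered one. Useful as a regression
    check for any lookup, recovery or signup endpoint."""
    return handler(known) != handler(unknown)
```

The check compares full responses; in practice also compare status codes, headers and response timing, since any of them can reintroduce the oracle.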

Twitter said it fixed the bug in January — six months after the bug was initially introduced to its codebase — after a bug bounty report by a security researcher, who was awarded $6,000 for disclosing the vulnerability.

According to the bug bounty report, the vulnerability posed a “serious threat” to users who have private or pseudonymous accounts, and could be used to “create a database” or enumerate “a big chunk of the Twitter user base.” It is similar to a vulnerability discovered in late 2019 that allowed a security researcher to match 17 million phone numbers to Twitter accounts.

But the researcher’s warning came too late. Hackers had already exploited the vulnerability during that six-month window to create a database of email addresses and phone numbers of 5.4 million Twitter accounts.

Twitter said it learned about the exploitation from an unspecified press report in July, which found a listing on a cybercrime forum claiming to have user data “from celebrities to companies,” and OGs, referring to custom or highly sought-after social media and gaming usernames.

“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said. “We will be directly notifying the account owners we can confirm were affected by this issue.”

It is the latest security incident to hit Twitter in recent years. In May, Twitter agreed to pay $150 million in a settlement with the Federal Trade Commission after the company misused phone numbers and email addresses, which users submitted for setting up two-factor authentication, for targeted advertising.
