Recent Twitter system vulnerability can expose anonymous account owners

A recently exploited vulnerability on Twitter allowed bad actors to get their hands on data about various account owners, and it poses a danger to individuals who wish to keep their identity on the platform unknown.

“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” Twitter admitted in a blog post last Friday detailing the case.

According to Twitter, it introduced an update to its code in June 2021 that unfortunately introduced a bug the social media giant was initially unaware of. The incident reportedly allowed hackers to compile data on over 5.4 million accounts, a figure Twitter didn’t confirm. Nonetheless, while it noted in an email to the news website Gadgets 360 that it cannot “determine exactly how many accounts were impacted or the location of the account holders,” it “can confirm the impact was global.”

The problem was first brought to Twitter’s attention through a bug bounty program report, which the company said it “immediately investigated and fixed.” However, at the time of the report, Twitter said it had no evidence that the flaw had been exploited.

“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled,” Twitter added. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”

This could be a huge issue for individuals who use pseudonyms on Twitter, a group that includes journalists, activists, celebrities, and sex workers who want to keep their identities hidden. Twitter said that it would notify the accounts it has confirmed were affected by the issue, but it also encouraged every account owner on the platform to take care to keep their identities protected.

“To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account,” the social media company suggested. “While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins.”