TWITTER has warned five million users about a security threat that may have exposed their accounts.
The security threat stems from a vulnerability that was brought to Twitter’s attention earlier this year.
When a hacker submits an email address or phone number to Twitter, Twitter’s system tells the hacker which Twitter account the email address or phone number is associated with.
This error was caused by a Twitter code update in June 2021.
Twitter has since fixed the issue and was not aware of anyone exploiting the vulnerability.
However, according to Bleeping Computer, one hacker who must have flown under the radar actually got away with stealing information from 5.4 million accounts.
A hacker known as “Devil” posted on a stolen data market forum that he had information about some elite accounts, the outlet said.
They told the outlet they would be selling the information for $30,000.
“Hello, today I am presenting you data collected from several users using Twitter via a vulnerability (5485636 users to be exact),” the hacker said.
“These users range from celebrities to corporations, random people, OGs, etc.”
The hacker exploited a vulnerability in December 2021 to collect the information, they told the outlet.
Shoppers have already approached the hacker to collect the data, the outlet reported.
If your account is hacked, Twitter will notify you directly.
Twitter made the announcement Friday because it was “unable to confirm every potentially affected account,
“and pay particular attention to individuals with pseudonymous accounts who may be targeted by government or other actors.”
Twitter has recommended that pseudonymous accounts not add a publicly known phone number or email address to their Twitter account.
No passwords were disclosed, but Twitter encourages everyone to use authenticator apps or hardware security keys to protect their accounts from unauthorized logins.
Twitter has also asked its users who are concerned about the security of their accounts or how to protect their personal information to contact their data protection regulator.
In Friday’s update, Twitter said, “We take our responsibility to protect your privacy very seriously and it is unfortunate that this has happened.”
It also said that it deeply regrets it.
https://www.the-sun.com/news/5953165/twitter-account-privacy-threat/ Twitter hack warning as 5 MILLION accounts are ‘exposed’ – is yours compromised?