Twitter Exposes Personal Information for 5.4 Million Accounts

Twitter accidentally exposed the phone numbers and email addresses associated with 5.4 million accounts. Someone was trying to sell this information. After Twitter became aware of the leak in January, it quietly corrected it and hoped no one else could find it. It is now known that an attacker exploited the issue before it was addressed.

Twitter accidentally disclosed personal information, including phone numbers and email addresses, for 5.4 million accounts. Someone was trying to sell this information.

In January 2022, we received a notification of a vulnerability in Twitter systems through our bug bounty program. As a result of the vulnerability, if someone sent an email address or phone number to Twitter's systems, the systems would tell that person which Twitter account the email address or phone number was associated with. This error is the result of updating our code in June 2021. When we heard about this, we immediately conducted an investigation and fixed the problem. We had no evidence at the time that anyone had exploited this vulnerability.

In July 2022, we learned from a press release that someone had taken advantage of this and offered to sell the information they had collected. After reviewing a sample of the data offered for sale, we have confirmed that the attacker took advantage of the issue before it was addressed.

This also applies to anonymous accounts. This interpretation is correct: once users are forced to enter a phone number to continue using Twitter, Twitter links phone numbers to the related accounts, although it does not need to know the user’s phone number.

But things are getting worse … After Twitter became aware of the leak in January, instead of revealing the fact that millions of users’ data were open to any observer, it quietly corrected it and hoped that no one else could find it.
