On Friday, Twitter confirm a zero-day vulnerability that allows a bad guy to find the email address and phone number associated with a number, 5.4 million Twitter accounts to be exact. And the data is said to be on sale now.
Twitter said it fixed the bug in January when it first learned about the vulnerability through its bug bounty program, but the hacker was fast enough to exploit the system before Twitter could issue a patch.
The vulnerability is caused by a code update pushed in July 2021, which was not fixed until January 2022, giving attackers enough time to exploit it. However, Twitter said that it had “no evidence that someone took advantage of the vulnerability” when it was discovered.
Twitter’s zero-day vulnerability allows anyone to get anyone’s username through a email address or phone number. BleepingComputer reports that a bad guy exploited this vulnerability to compile the usernames of about 5.4 million Twitter accounts and is now selling the data on a stolen data marketplace for $30,000.
Twitter says that the vulnerability poses a “serious threat” to users with fake accounts and can be used to detail “a large portion of Twitter’s user base.” However, it did not disclose how many accounts were compromised because of the vulnerability. The microblogging platform says it will notify affected users directly, but doesn’t appear to be aware of every affected account.
How can you save yourself from such attacks in the future? Well, we recommend turning on 2FA Authentication. Furthermore, Twitter recommends using a personal email address or phone number with accounts with your pseudonym.
FacebookTwitterInstagramKOOKS APPLICATIONYOUTUBE
