Date: 2022-08-09

Earlier this year, Twitter discovered a security flaw in its platform that allowed an attacker to find out personal account information. As stated on its blog, a person who exploited this vulnerability could find out the name of the account associated with a particular email or phone number.

The bug was fixed and Twitter found no evidence that any accounts had been compromised. However, it has recently been discovered that a hacker got a database with personal information of about 5.4 million people through this security flaw. The cybercriminal was selling this information on a forum for $30,000.

A security flaw that has persisted for months on Twitter

Although this vulnerability had been present since June 2021, following an update to the platform code, Twitter could not patch it until it learned about it in January of this year through its bug bounty program. At the time, the company said it had found no evidence that any account had been compromised. That brings us to the company’s statement published a few days ago, in which it says it has found evidence of a possible leak of information from some 5.4 million accounts.

This exploit made even locked accounts vulnerable. Although Twitter has assured users that they do not have to do anything at the moment, it has confirmed that it plans to notify the accounts that have been affected. However, according to the company, it still cannot confirm each and every one of the accounts that have been affected.

Twitter also warns that anyone concerned about their locked account should turn on two-factor authentication, and should use an email address and phone number that are not publicly known on any account they don’t want to be associated with.

Via | TheVerge