Twitter was reported to have encountered problems regarding the leakage of large amounts of their user account data. After being silent for some time, the social media with the blue bird logo finally admitted that their platform had a security vulnerability.
This security vulnerability is then exploited by hackers to find out information about Twitter app users. This includes the name of the user account associated with a specific email address and phone number.
Twitter initially addressed the issue regarding the security vulnerability in January 2022 after receiving reports through its bug bounty program. However, it was recently discovered that a hacker managed to exploit the vulnerability even before Twitter found out.
Reporting from The Verge (8/8), this vulnerability stems from an update made to the platform in June 2021 and is not known until early 2022. Of course this gives hackers an opportunity to exploit the vulnerability in the months before Twitter finds the vulnerability. .
However, Twitter initially had no evidence to suggest someone had taken advantage of the vulnerability. A few months later, last Friday (5/8), the company finally confirmed the leak of a large amount of Twitter application user data.
Based on a Bleeping Computer report written last month, as quoted from The Verge, someone managed to access the vulnerability while it was under Twitter’s radar. This person has reportedly amassed a database of more than 5.4 million accounts and sold the information on hacker forums for $30,000.
In the meantime, Twitter plans to notify users of their suspected hacked app. The social media company advises their users to enable two-factor authentication as well as attach an email address or phone number that is not publicly known to a secret account they don’t want to be associated with.
Unfortunately, it’s still unclear how many users were actually affected by the hack. In fact, according to The Verge, Twitter doesn’t seem to know the total number of user accounts affected.
