Twitter breach exposed anonymous account holders

A vulnerability in Twitter's software that exposed an unspecified number of anonymous account holders to potential identity compromise last year has apparently been exploited by a malicious actor, the social media company said Friday.

It did not confirm the report that the data of 5.4 million users was offered for sale online as a result, but said that users worldwide were affected.

The breach is especially troubling because many Twitter account holders, including human rights activists, do not reveal their identities on their profiles for security reasons that include fear of persecution by repressive authorities.

“This is very bad for many who use pseudonymous Twitter accounts,” tweeted US Naval Academy information security expert Jeff Kosseff.

The vulnerability allowed someone to determine during login whether a particular phone number or email address was linked to an existing Twitter account, thereby revealing the account's owner, the company said.

Twitter said it did not know how many users may have been affected and stressed that no passwords had been exposed.

“We can confirm that the impact was global,” a Twitter spokesperson said via email. “We cannot determine exactly how many accounts were affected or the location of the account holders.”

Twitter’s admission in a blog post on Friday followed a report last month by digital privacy advocacy group Restore Privacy that detailed how data apparently obtained through the vulnerability was being sold on a popular hacking forum for $30,000.

A security researcher discovered the bug in January, notified Twitter and received a $5,000 reward. Twitter said the bug, introduced in a June 2021 software update, was immediately fixed.

Twitter said it learned about the hacker forum data sale from media reports and “confirmed that a bad actor exploited the issue before it was resolved.”

It said it is immediately notifying all account holders that it can confirm have been affected.

“We’re issuing this update because we’re unable to confirm every account that’s potentially affected, and we’re particularly mindful of people with pseudonymous accounts who may be targeted by the state or other actors,” the company said.

It advised users who want to keep their identity hidden not to add a publicly known phone number or email address to their Twitter account.

“If you have a pseudonymous Twitter account, we understand the risks that an incident like this can introduce and we deeply regret that this happened,” it said.

The disclosure of the breach comes as Twitter is locked in a legal battle with Tesla CEO Elon Musk over his attempt to back out of his earlier offer to buy San Francisco-based Twitter for $44 billion.
