
Twitter reported an incident impacting some accounts & private information

Social Samosa

Following a code bug that affected numerous accounts, someone gathered data and information before the code was fixed. Twitter released a statement explaining what happened and the next steps.

Twitter recently became aware of a "bad actor" who took advantage of a code bug before it could be fixed and unethically gathered certain data and information from some accounts with the intention of selling it. The platform released a statement explaining the problem and stating that it will individually inform the affected accounts.

What happened

Through its bug bounty program, Twitter was informed about a vulnerability in its systems in January 2022. Due to the vulnerability, if someone submitted an email address or phone number, Twitter's systems might reveal which Twitter account, if any, that email address or phone number was associated with. A code change made in June 2021 introduced the problem. When Twitter learned of it, the company investigated and fixed it. At the time, it had no indication that anyone had exploited the weakness.

Through a press report in July 2022, Twitter discovered that someone had taken advantage of the vulnerability and was attempting to sell the data they had gathered. After evaluating a sample of the data offered for sale, the platform confirmed that a bad actor had exploited the problem before it was fixed.

Twitter will directly notify the account owners that were affected by this issue. It is publishing this update because it isn't able to confirm every account that was potentially impacted, and it is particularly mindful of people with pseudonymous accounts who can be targeted by the state or other actors.


How you can protect your account

Given the risks that an incident like this poses to anyone who manages a pseudonymous Twitter account, the recommendation is to keep your identity as veiled as possible by not adding a publicly known phone number or email address to your Twitter account.

While no passwords were exposed, everyone who uses Twitter should enable 2-factor authentication using authentication apps or hardware security keys to protect an account from unauthorized logins.
