Millions of anonymous Twitter accounts may be exposed to information leaks.
Twitter says it was made aware of a vulnerability in January that saw its systems tell someone whether a particular email address or phone number they submitted was associated with a specific account. The social media giant received the report via its bug bounty program, he said in a blog post on Friday.
Twitter said the bug resulted from a June 2021 code update and that it fixed the issue when it became aware of it. There was no evidence to suggest anyone took advantage of the bug at the time.
However, the company learned last month that a bad actor took advantage of the information. BeepComputerspoke to a person who accessed information from 5.4 million accounts.
Twitter says it is notifying as many affected accounts as possible, but it won’t be possible to notify them all.
“We are issuing this update because we are unable to confirm all potentially impacted accounts, and are particularly mindful of individuals with pseudonymous accounts who may be targeted by the state or other actors,” Twitter wrote in a post. the blog post.
Source: TwitterBleepingComputer Via: Engadget