Antivirus Security Twitter has confirmed that a June 2021 vulnerability (fixed) has been exploited to access some public information of users.
Twitter has confirmed that, due to a vulnerability introduced with the June 2021 code update, someone gained access to accounts and stole various personal information. At the end of July, a certain "devil" put on sale the data of more than 5.4 million users on the dark web. The Californian company has fixed the bug and informed the interested parties (not all). Data breach: how to protect your account Twitter received the vulnerability report in January 2022 through the bug bounty program. The security problem, also reported on the HackerOne platform, allowed to verify the existence of an account (Twitter ID) by indicating phone number or email address. The company explains that the bug, introduced with a code update in June 2021, was later fixed. At the end of July, however, a cybercriminal revealed that he had exploited the vulnerability to collect the data of more than 5.4 million users. Using your Twitter ID, you had access to other public information, including your login name, geographic location, profile picture, and number of followers. The data went on sale for $30,000, and at least two people bought the database for a smaller sum. Twitter has contacted the majority of users, but it is not possible to confirm the exact number of affected accounts. The company suggests not adding phone numbers and known email addresses to keep your identity anonymous. Users should also enable two-factor authentication. To block any phishing, spear phishing or smishing attacks, it is preferable to install a security solution, such as Malwarebytes Premium. This article contains affiliate links: purchases or orders placed through such links will allow our site to receive a commission.