Twitter fixes security bug that exposed at least 5.4 million accounts

Twitter says it has fixed a security vulnerability that allowed threat actors to compile information on 5.4 million Twitter accounts, which were later listed for sale on a known cybercrime forum.

The vulnerability allowed anyone to enter a phone number or an email address of a known user and learn if it was tied to an existing Twitter account, potentially exposing the identities of pseudonymous accounts.

In a brief statement published Friday, the microblogging giant said, “if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.”

Twitter said it fixed the bug in January — six months after the bug was initially introduced to its codebase — after a bug bounty report by a security researcher, who was awarded $6,000 for disclosing the vulnerability.

According to the bug bounty report, the vulnerability posed a “serious threat” to users who have private or pseudonymous accounts, and could be used to “create a database” or enumerate “a big chunk of the Twitter user base.” It’s similar to a vulnerability discovered in late 2019 that allowed a security researcher to match 17 million phone numbers to Twitter accounts.

But the researcher’s warning came too late. Hackers had already exploited the vulnerability during that six-month window to create a database of email addresses and phone numbers of 5.4 million Twitter accounts.

Twitter said it learned about the exploitation from an unspecified press report in July, which found a listing on a cybercrime forum claiming to have user data “from celebrities to companies,” and OGs, referring to custom or highly sought-after social media and gaming usernames.

“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said. “We will be directly notifying the account owners we can confirm were affected by this issue.”

It’s the latest security incident to hit Twitter in recent years. In May, Twitter agreed to pay $150 million in a settlement with the Federal Trade Commission after the company misused phone numbers and email addresses, which users submitted for setting up two-factor authentication, for targeted advertising.
