Twitter is having a really bad time of it at the minute. With Elon Musk trying desperately to pull out of his bid to buy the company while repeatedly trashing it in public, things are looking desperate. Unfortunately, however, things look set to get a little worse a security flaw in Twitter’s code has opened up a vulnerability that hackers and malicious actors have been exploiting. Here is what you need to know.
Twitter released details about the security breach in a blog post. The post explains that the flaw enabled malicious actors to enter phone numbers and email addresses into Twitter’s log-in flow to learn if the details were attached to an account as well as the account they were tied to. This, in essence, gave them the ability to match identities to accounts, even if those accounts were anonymous.
According to the blog post, the flaw came from an update to Twitter’s code back in June 2021. Even though Twitter found nobody was leveraging the vulnerability back then, this changed earlier this summer with Twitter saying:
“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”
Twitter will be notifying all users who were affected by the bug and whose identities have been exposed. The company first learnt about the vulnerability thanks to its bug bounty program and has since closed it off so that no more users will face losing their anonymity.
In other recent Twitter security news, be sure to look out for various phishing scams that have been targeting verified accounts.
