Twitter recently confirmed that a vulnerability in its code led to the exposure of data of anonymous users on the platform. Private user data on more than 5.4 million accounts was accessed before the company patched the bug that let malicious actors into the system.
Engadget reports that Twitter has confirmed a vulnerability in its code that led to the exposure of anonymous users’ data. In a blog post published on Friday, Twitter stated that a malicious actor took advantage of a zero-day flaw in its code before it became aware of the issue and patched it in January 2022.
The vulnerability was noticed by a security researcher who contacted Twitter via its bug bounty program. Twitter initially said that there was “no evidence” to suggest that the flaw had been exploited, but an individual told Bleeping Computer last month that they had taken advantage of the bug and obtained data on more than 5.4 million accounts.
Twitter stated that it is unable to confirm whether users were affected by the exposure. The vulnerability allowed the hacker to determine whether an email address or phone number was linked to an existing Twitter account. The hacker was then able to determine who owned the Twitter account.
“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” Twitter said. “If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened.”
Twitter stated that it would notify all account owners that it could confirm were affected by the exposure. The company recommends that users attempting to hide their identity not link a publicly known phone number or email address to an account, and that they enable two-factor authentication.
The news of Twitter’s latest bug exposing private user data comes as the company is locked in a legal war with Elon Musk over his revoked offer to buy out the company. Breitbart News recently reported on Musk’s countersuit, which just became public.
Musk’s countersuit makes it clear that he wants to be free from the deal he agreed to in April to purchase the site. Musk alleges that Twitter engaged in fraud, breach of contract, and violation of the Texas Securities Act. Musk’s attorney is arguing that while Twitter claims to have 238 million monetizable daily active users, the proportion that actually sees ads is 65 million lower.
Musk further alleges that the majority of ads are shown to fewer than 16 million users, which is less than seven percent of the number of users Twitter claims can earn the company revenue by seeing ads.
“Twitter played a months-long game of hide-and-seek to attempt to run out the clock before the Musk Parties could discern the truth about these representations, which they needed to close,” the countersuit alleges. “The more Twitter evaded even simple inquiries, the more the Musk Parties grew to suspect that Twitter had misled them.”
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.