Twitter is really not having a good year. Twitter has been forced to report another security flaw. This flaw allowed users to see whether a phone number or email address was connected to an existing Twitter account. One hacker, in particular, compiled a list of Twitter account information from 5.4 million accounts and then sold it online.
Here’s what Twitter said about the incident:
“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.”
It’s not a massive breach, as the info is publicly available, but it does mean that people can potentially track down a person’s phone number and harass them in a new, more extreme way.