Twitter fixed a bug in January that exposed the data of 5.4 million users

Twitter announced that it had fixed a security flaw that allowed attackers to collect data on 5.4 million platform accounts; the resulting database was put up for sale on one of the cybercriminals' dark web sites. The vulnerability made it possible to submit a phone number or email address and find out whether a Twitter account was linked to it.

Image source: Fotomix /

The vulnerability was introduced during a code update in June 2021, the platform's management clarified. Twitter learned of it in January 2022: the bug was quickly identified and fixed, and the expert who reported the issue received a $6,000 reward. The issue has been described as a "serious threat" to users, because the vulnerability could be used to build a database covering a significant portion of Twitter users. There is precedent: in 2019, an expert was able to match 17 million phone numbers with accounts on the service.

Unfortunately, the problem became known too late: in the six months after it was introduced, hackers managed to exploit the vulnerability and compile a database of email addresses and phone numbers, a total of 5.4 million records. Twitter only learned in July that the database was being offered for sale: the company's specialists examined a sample of the data on offer and confirmed that the attackers had exploited the vulnerability before it was officially discovered. The platform pledged to notify users affected by the incident individually.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.
