Twitter fixes security vulnerability exposing 5.4 mln accounts
The vulnerability allowed anyone to enter a phone number or an email address of a known user and learn if it was tied to an existing Twitter account, potentially exposing the identities of pseudonymous accounts.
In a statement released on Friday, the company said, "if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any."
The bug resulted from an update to code in June 2021. After a bug bounty report by a security researcher, the company investigated and fixed it in January, Twitter said in the statement.
According to the bug bounty report, the vulnerability posed a "serious threat" to users who have private or pseudonymous accounts, and could be used to "create a database" or enumerate "a big chunk of the Twitter user base."
Follow us on Twitter @AzerNewsAz