Twitter accounts exposed in major security issue


A flaw in Twitter’s code allowed threat actors to link accounts to the email addresses registered against them, potentially exposing the identities of their operators, the social network has confirmed.

Late last week, the company revealed the flaw in a blog post in which it apologized for the inconvenience and explained that the issue had been resolved as soon as it was discovered.

The exploit took advantage of the way Twitter handled failed login attempts. When someone tried to log in using an email address or phone number, even if they typed in the wrong password, Twitter did two things:

  • Told the user they had submitted the wrong password
  • Displayed the Twitter handle associated with that email address or phone number (if applicable)

This meant that people running pseudonymous accounts could have had their identities exposed.
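The failure mode described above, shown next to a hardened handler, as an added example (this is not Twitter's code). The account store, handles, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _account(handle: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"handle": handle, "salt": salt, "hash": _hash(password, salt)}

# Constructed sample data: login identifier (email or phone) -> account.
ACCOUNTS = {
    "alice@example.com": _account("@quiet_observer", "correct horse"),
    "+15550100": _account("@night_owl", "battery staple"),
}
# Dummy record so an unknown identifier costs the same hashing work.
_DUMMY = _account("", "unused")

GENERIC_FAILURE = {"ok": False, "error": "Incorrect login details."}

def login_leaky(identifier: str, password: str) -> dict:
    """Behaviour the article describes: a failed login echoes the handle."""
    acct = ACCOUNTS.get(identifier)
    if acct is None:
        return {"ok": False, "error": "Wrong password."}
    if hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"]):
        return {"ok": True, "handle": acct["handle"]}
    # The leak: the handle is returned to a caller who never authenticated.
    return {"ok": False, "error": "Wrong password.", "handle": acct["handle"]}

def login_hardened(identifier: str, password: str) -> dict:
    """Same failure body whether or not the identifier is registered."""
    acct = ACCOUNTS.get(identifier)
    record = acct if acct is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if acct is not None and matches:
        return {"ok": True, "handle": acct["handle"]}
    return dict(GENERIC_FAILURE)

def leaked_fields(response: dict) -> set:
    """Keys in a failed response beyond the generic failure shape."""
    return set() if response["ok"] else set(response) - set(GENERIC_FAILURE)
```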

Selling data on the dark web

The flaw was first spotted in mid-2021. At the time, Twitter said it could find no evidence of abuse. “This bug results from an update to our code in June 2021,” the company wrote.

A year later, Twitter learned from a news article that someone had actually compiled a list of user accounts with this method and tried to sell it.

Twitter apologized for the inconvenience, said it resolved the issue as soon as it became known, and said it would notify affected account owners directly.

“We are issuing this update because we are unable to confirm all potentially impacted accounts and are particularly mindful of individuals with pseudonymous accounts who may be targeted by the state or other actors,” the company added.

The microblogging platform has been getting a lot of attention lately, since eccentric billionaire Elon Musk said he intended to acquire it. The future of the deal will now be decided in the Delaware Chancery Court, after Musk tried to pull out, reportedly due to the volume of bots operating on the platform.

