Hackers might have figured out your secret Twitter accounts

A security vulnerability on Twitter allowed a bad actor to find out the account names associated with certain email addresses and phone numbers (and yes, that could include your secret celebrity stan accounts), Twitter confirmed on Friday. Twitter initially patched the issue in January after receiving a report through its bug bounty program, but a hacker managed to exploit the flaw before Twitter even knew about it.

The vulnerability, which stemmed from an update the platform made to its code in June 2021, went unnoticed until earlier this year. This gave hackers a number of months to exploit the flaw, although Twitter said it “had no evidence to suggest someone had taken advantage of the vulnerability” at the time of its discovery.

Last month’s report from Bleeping Computer suggested otherwise, and revealed that a hacker managed to exploit the vulnerability while it flew under Twitter’s radar. The hacker reportedly amassed a database of over 5.4 million accounts by taking advantage of the flaw, and then tried to sell the information on a hacker forum for $30,000. After analyzing the data posted to the forum, Twitter confirmed that its user data had been compromised.

It’s still unclear how many users have actually been affected though, and Twitter doesn’t seem to know, either. While Twitter says it plans on notifying affected users, it isn’t “able to confirm every account that was potentially impacted.” Twitter advises anyone concerned about their secret accounts to enable two-factor authentication, as well as to attach an email address or phone number that isn’t publicly known to the account they don’t want to be associated with.