Twitter admits to a flaw in its system that exposed user data

Trent Meikle

2 years ago

On Friday, Twitter admitted to a fault in its code that caused the breach of users’ private data. The code became vulnerable in June last year, with Twitter only becoming aware of the issue in January. The code was fixed, but the damage is done.

Bugged down

“We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened.”

Twitter Spaces — “We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened.”

The vulnerability was first discovered by a security researcher, who reported the fault through Twitter’s bug bounty program. After fixing the error, Twitter didn’t feel a need to warn its 396 million users of the breach claiming there was “no evidence” it had been exploited. Twitter then learned that a ‘bad actor’ had potentially stolen private data and was offering to sell it. Twitter reviewed the data for sale, confirming the breach had impacted users.

The bug allowed attackers to submit an email address or phone number to the system, subsequently learning which accounts were tied to them, if any. It became possible to determine the identity of certain accounts and sell the information to the highest bidder.

“We will be directly notifying the account owners we can confirm were affected by this issue. We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” Twitter said in a blog post.

Read More: How to add a Location Spotlight to your business Twitter account