The failure above all affected the anonymity of several million accounts, and it was exploited through a vulnerability in a code update from last year.
Millions of accounts with stolen data
The case actually dates back to January 2022, when a hacker exploited a vulnerability in the social network's June 2021 code update. The flaw allowed a phone number or email address to be entered into the login flow to find out whether that information was linked to an existing Twitter account and, if so, which specific account.
This compromised the personal data of 5.4 million accounts, although this time no passwords were stolen. The main impact of this theft of personal information falls on those who wanted to keep their accounts anonymous. Of course, the associated email addresses and mobile numbers could also be a tempting target for other cybercriminals.
The bug was reported to Twitter that same month, January 2022, through its bug bounty program. At the time, it was fixed, and Twitter had no record that it had been exploited.
However, a more recent report by Bleeping Computer described the sale of this database, with 5.4 million accounts and their associated email addresses and cellphone numbers, for $30,000 on a hacking forum. That is when Twitter verified the leak and made it public.
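The class of flaw described above (a login lookup whose reply discloses whether an identifier is registered, and to which account), shown beside a hardened form. This is an added example, not Twitter's code; the function names, the account directory and the per-client limit are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample directory: identifier -> account handle (not real data).
ACCOUNTS = {
    "alice@example.com": "@anon_whistle",
    "+15550100": "@quiet_bird",
}

def lookup_vulnerable(identifier):
    """Flaw class from the article: the reply reveals existence and the handle."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": "not_found"}
    return {"status": "found", "account": handle}

# One reply for every identifier, registered or not.
GENERIC = {"status": "ok", "message": "If an account matches, we sent instructions."}

class HardenedLookup:
    """Uniform reply plus a cap on distinct identifiers tried per client."""

    def __init__(self, max_distinct=5):
        self.max_distinct = max_distinct
        self.seen = defaultdict(set)  # client id -> hashes of identifiers tried
        self.outbox = []              # out-of-band notices to the real owner

    def lookup(self, client, identifier):
        # Keep only a hash so the limiter does not store raw identifiers.
        digest = hashlib.sha256(identifier.encode()).hexdigest()
        tried = self.seen[client]
        if digest not in tried and len(tried) >= self.max_distinct:
            # The limit is applied before the directory is consulted, so this
            # reply is also independent of whether the identifier exists.
            return {"status": "rate_limited"}
        tried.add(digest)
        if identifier in ACCOUNTS:
            # Only the owner of the address or number learns anything.
            self.outbox.append(identifier)
        return dict(GENERIC)
```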
How to know if you are affected
Twitter itself confirms that it does not know at this time which accounts, or how many, have been compromised. However, it will directly inform the owner of any account that is confirmed to have been affected.
“We will directly notify the account owners that we can confirm have been affected by this issue. pseudonyms that may be targeted by the state or other actors.”
If you prefer to take the initiative yourself, either because you are concerned about the security of your account or because you have questions about how Twitter protects your personal information, you can contact the Data Protection Office via this form.
How to protect yourself: two-factor authentication
Twitter recommends (regardless of whether or not you were affected in this case) activating two-factor authentication for logging in to the social network.
Activating this additional layer of security is simple: go to the options menu and open the “Settings and privacy” section. Here, select “Security and account access”, then “Security”.
Click or tap Two-Factor Authentication and choose your method: SMS, authenticator app or security key.
In addition to 2FA, to keep your identity as hidden as possible, Twitter recommends not adding a publicly known phone number or email address to your Twitter account.