Twitter says it has fixed a security vulnerability that threat actors exploited to obtain account data of approximately 5.4 million users, which was then put up for sale on a known hacking forum.
The vulnerability allowed the threat actor to enter a phone number or email address into the log-in flow in an attempt to learn whether that information was tied to an existing Twitter account and, if so, which specific account.
“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. When we learned about this, we immediately investigated and fixed it,” Twitter disclosed in a security advisory.
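The class of flaw the advisory describes is a lookup that answers the caller directly. The following is an added illustration, not Twitter's code and not taken from the advisory: a generic model of a leaky lookup beside a uniform-response version, with a regression check for the difference. All names, the sample records and the lookup budget are hypothetical.

```python
# Added illustration; a generic model, not Twitter's code.
from collections import Counter

# Constructed sample data: contact identifier -> account handle.
ACCOUNTS = {"alice@example.com": "@alice", "+15555550100": "@bob"}
GENERIC = {"status": 200, "body": "If an account matches, we sent instructions to it."}
MAX_LOOKUPS_PER_CLIENT = 5  # assumed budget per client per window


def lookup_leaky(identifier):
    """Flawed pattern: the response itself reveals whether and which account matches."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": 404, "body": "no account"}
    return {"status": 200, "body": handle}


class UniformLookup:
    """Hardened pattern: identical response for every input, plus a lookup budget."""

    def __init__(self):
        self.outbox = []       # messages delivered out of band to the account owner
        self.seen = Counter()  # lookups per client in the current window

    def lookup(self, client_id, identifier):
        self.seen[client_id] += 1
        if self.seen[client_id] > MAX_LOOKUPS_PER_CLIENT:
            # The limit depends only on request volume, not on the identifier.
            return {"status": 429, "body": "Too many requests."}
        handle = ACCOUNTS.get(identifier)
        if handle is not None:
            # Account detail goes only to the registered contact, never the caller.
            self.outbox.append((identifier, f"Sign-in help for {handle}"))
        return dict(GENERIC)


def is_oracle(handler, registered, unregistered):
    """Regression check: True if responses let a caller tell the two inputs apart."""
    return handler(registered) != handler(unregistered)
```

Running `is_oracle` against every unauthenticated endpoint that accepts an email address or phone number is a cheap test to keep in CI; it compares response content only, so timing differences need a separate check.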
Copyright of this story solely belongs to techworm.net.