JAKARTA - Twitter announced that it has fixed a security vulnerability that allowed criminals to collect critical information from 5.4 million accounts.
In a brief statement shared, Twitter said it had been receiving reports of security vulnerabilities on Twitter since January, through its bug bounty program.
So, this vulnerability originates if someone sends an email address or phone number to the Twitter system, then the system will notify you of information related to the email address or phone number sent by that person.
Twitter discloses a security breach
-someone used a vulnerability to discover the emails and phone numbers of Twitter accounts
-data of said accounts was later sold online
-vulnerability was also reported to Twitter via its bug bounty programhttps://t.co/G8MWIc0qEz pic.twitter.com/eN2VzzJCz4
— Catalin Cimpanu (on vacation) (@campuscodi) August 5, 2022
Twitter said that this bug resulted from their code update in June 2021. But at the time, they had no evidence that any bad people were exploiting the vulnerability.
Until finally, Twitter saw a report from one of the media in July 2022, where this vulnerability made it possible for these criminals to sell the information on a well-known dark website.
SEE ALSO:
"When we learned of this, we immediately investigated and fixed it. At that time, we had no evidence to suggest that someone had taken advantage of the vulnerability," Twitter said in a statement.
Now, Twitter will notify owners of accounts that have been confirmed to be affected by the issue. Twitter also encourages other users not to add a publicly known phone number or email address to your Twitter account.
Also, while there were no password leaks in this case, Twitter encourages all its users to enable 2-factor authentication (Two-Factor Authentication).
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)