IBM Launches Watsonx AI Platform at Seoul Tech Summit 2023; Collaboration with Hugging Face Announced
Apple has switched from its Lightning connector to USB-C — we explain which is better and why they did it
Twitter hack: Security breach may have exposed secret accounts through linked email addresses, phone numbers
Twitter recently confirmed that its systems suffered a security breach that primarily affected “pseudonymous accounts.” The exploit, first found last January, reportedly allowed the hacker to figure out if an email address or phone number is linked to a Twitter account.
Twitter hack may have targeted secret accounts
The said security vulnerability was reported through Twitter’s bug bounty program last January, the social media company said in a blog post last week. Twitter then updated its code last June in response to address the security issue but noted that it found “no evidence” at the time that the vulnerability was exploited.
That changed, however, when a “press report” revealed that a hacker possibly exploited the vulnerability. Twitter was likely referring to Bleeping Computer’s report last July 22 that revealed a hacker known as “devil” was selling the data collected through the exploit for $30,000.
In devil’s original post, the hacker claimed it collected data from a total of 5,485,636 Twitter users, including “Celebrities, to Companies, randoms, OGs, etc.” Bleeping Computer said in its July report that it was able to verify the accuracy of a “small sample of data” that the hacker presented. It had no way of knowing, though, if the rest of the claimed data from 5.4 million users are all real.
In Twitter’s statement last week, the company implied that the security impacted only “some accounts.” But it emphasized the incident's potential effect's on users with “pseudonymous accounts” or secret accounts. This corroborated what the hacker previously told Bleeping Computer, claiming that they were able to input email addresses and phone numbers to figure out if it is linked to a Twitter account and to identify its Twitter ID.
Twitter’s advice to keep accounts protected
Due to how the exploit worked, Twitter advised users with pseudonymous accounts to avoid using public email addresses and phone numbers. The company said there was no password exposed in the incident, but it still encouraged users to enable two-factor authentication.
Twitter will directly notify affected users. But the social media company added, “We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.”