Twitter confirmed, this Friday (5), that it corrected a vulnerability that exposed the data of 5.4 million accounts. in a statementthe company says the problem was fixed in January of this year, but the volume extracted by criminals remains for sale on the internet.

The bug allowed anyone to identify the account holder by entering a phone number or an email address in the social network’s systems. After that, the social network presented the account that this data was linked to, exposing private profiles and aliases.

The company claims that, upon learning of the vulnerability, it updated the security code.

A note published by the company says they discovered the leak through the press. No passwords were exposed, the company says.

“After reviewing a sample of the data available for sale, we confirmed that a bad actor had taken advantage of the issue before it was resolved. We will directly notify account owners that we can confirm they have been affected by this issue.”

