Twitter confirms data leak that may have affected 5.4 million

A glitch in Twitter’s system exposed the data of several users last year, the social network confirmed in a post on its website. blog dedicated to security and privacy last Friday (5). Unofficial sources claim that 5.4 million profiles were affected, but the company does not confirm the number.

According to the text, the vulnerability allowed an existing email or phone number to be used to check if they were being used on a specific page on the social network. In this way, it was possible to link the page to its owner, which constitutes a violation of privacy.

The security flaw, according to the company, emerged in June 2021 and was only resolved in January of this year, although it was only recognized by Twitter now, in August. Also according to the post, when the social network was informed of the problem, they had “no evidence” that anyone had exploited the vulnerability.

However, in July 2022, the company became aware that, in the time window in which the flaw existed, there was a collection of private data by “malicious agents” and that this data was being sold.

The estimate that 5.4 million users were affected was made by a hacker who contacted the website Bleeping Computer, which specializes in technology news.

“We are publishing this news because we were unable to confirm all accounts that were potentially impacted, and we are particularly attentive to people with pseudonymous accounts that could be targeted by the State or other actors,” Twitter said.

“If you have a pseudonymous Twitter account, we understand the risk that such an incident can cause and we are deeply sorry that this happened,” he continues.

“Pseudonymous account” is one in which the user does not use his real name or any other data that may refer to his natural person.

Therefore, the company clarified that it intends to contact all the people it was able to confirm that had their data leaked. In addition, it reinforced the recommendation that users who do not wish to have their identity revealed do not associate their Twitter page with known telephone numbers or e-mails.

Finally, the company highlighted the importance of using the so-called “two-step verification”, a process that requires an extra password to log in to a profile, for the security of those who do not wish to be identified.

About Yadunandan Singh

Born in 1992, Yadunandan approaches the world of video games thanks to two sacred monsters like Diablo and above all Sonic, strictly in the Sega Saturn version. Ranging between consoles and PCs, he is particularly fond of platform titles and RPGs, not disdaining all other genres and moving in the constant search for the perfect balance between narration and interactivity.

Check Also

4 ways to make a Pix in under 1 minute

Launched in 2020 by the Central Bank, Pix allows you to instantly transfer money to …