Twitter confirms the data breach that affected 5.4 million users

Partager sur facebook
Partager sur twitter
Partager sur linkedin
Partager sur email

A July security breach at Twitter, which resulted in the exposure of hidden profile information of anonymous accounts, has been confirmed to be the result of a zero-day exploit. 

The individual responsible claims to have obtained key information from 5.4 million accounts on the platform. Zero-day exploits are a threat to the technology sector, with web browsers – Chrome and Firefox – being particularly vulnerable to these threats. 

The vulnerability allowed anyone to submit an email address or phone number, check to see if it was associated with a Twitter account and retrieve the associated account ID. The hacker then used that ID to retrieve public information about the account.

The platform mentions in a press release:

 « In July 2022, we learned from a news article that someone had potentially exploited this flaw and was offering to sell the information they had compiled. After reviewing a sample of the data available for sale, we confirmed that an actor had indeed taken advantage of this issue before it was resolved. »

The bug that caused the breach came from a June 2021 update to Twitter’s code and was quickly fixed, Twitter said.

The most recent incident was in May, when Twitter agreed to pay $150 million in a settlement with the Federal Trade Commission after the company misused phone numbers and email addresses, which users submitted to set up two-factor authentication, for targeted ads.

 

By Mélissa Walehiane

Évaluez votre niveau
de conformité

En quelques clics,
lancez sans engagement
et en toute conformité un
audit flash !

Pour recevoir votre audit flash gratuit et sans engagement, merci de bien vouloir remplir ce formulaire :