Twitter confirms data has been stolen from 5.4m

Twitter has confirmed that a suspected data breach in July led to account data being stolen

Twitter has confirmed that the phone numbers and email addresses from 5.4 million accounts have been stolen.

In a statement on its corporate website Twitter said that in January 2022, it received a report through its  bug bounty program of a vulnerability in Twitter's systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This bug resulted from an update to its code in June 2021.

The statement said: "When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability. 

"In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.

"We will be directly notifying the account owners we can confirm were affected by this issue. We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors.

"We understand the risks an incident like this can introduce and deeply regret that this happened."

Twitter's advice for protecting your account

If you operate a pseudonymous Twitter account, to keep your identity as veiled as possible, do not add a publicly known phone number or email address to your Twitter account.

While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins.

If you’re concerned about the safety of your account, or have any questions about how we protect your personal information, you can reach out to our Office of Data protection through this form

 

 

 

Share

Featured Articles

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security

Speaker Lineup Announced for Tech Show London 2024

Technology & AI