Twitter has confirmed a vulnerability in its code led to a knowledge publicity late final 12 months. In a weblog publish , the corporate mentioned a malicious actor took benefit of a zero-day flaw earlier than it turned conscious of and patched the problem in January 2022. The vulnerability was found by a safety researcher who contacted Twitter by the corporate’s .

When Twitter first discovered of the flaw, it mentioned it had “no evidence” to counsel it had been exploited. However, a person  final month that they took benefit of the vulnerability to acquire knowledge on greater than 5.4 million accounts. Twitter mentioned it couldn’t affirm what number of customers had been affected by the publicity. The vulnerability allowed the unhealthy actor to find out whether or not an electronic mail deal with or cellphone quantity was tied to an current Twitter account. In flip, they may use that data to find out the id of an account’s proprietor.

“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” Twitter mentioned. “If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened.”

Twitter mentioned it could straight notify each account proprietor it might affirm was affected by the publicity. For customers making an attempt to maintain their id hidden, the corporate recommends not including a publicly recognized cellphone quantity or electronic mail deal with to an account. It additionally suggests including two-factor authentication.