Twitter launches probe after miscreants claim to have swiped 5.4m users' details
2022-07-25 20:21

Twitter is investigating claims that a near-seven-month-old vulnerability in its software has been exploited to obtain the phone numbers and email addresses of a reported 5.4 million users.

"We are reviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question," a Twitter spokesperson wrote in an email to The Register.

"As always, we're committed to protecting the privacy and security of the people who use Twitter. We're grateful to the security community who engages in our bug bounty program to help us identify potential vulnerabilities such as this."

"This is a serious threat, as people can not only find users who have restricted the ability to be found by email/phone number, but any attacker with a basic knowledge of scripting/coding can enumerate a big chunk of the Twitter user base unavailable to enumeration prior," zhirinovskiy wrote at the time.

Twitter paid zhirinovskiy a $5,040 bounty for the discovery, and fixed the vulnerability on January 13.

Last week RestorePrivacy said it found the Twitter database for sale on Breached Forums, analyzed the samples, and confirmed that they matched "Real-world people that can be easily verified with public profiles on Twitter."


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/25/twitter_investigates_data_breach/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Twitter 6 1 7 1 0 9