A massive Twitter data breach that was revealed a few months ago appears to be even more extensive than initially reported.
Twitter acknowledged that a flaw in its systems had been exploited to obtain user information in August. The flaw, which was discovered in June 2021, allowed users to find out whether a given phone number or email address was connected to an active Twitter account, even for accounts where the data was supposed to be private.
The social media juggernaut was alerted to the vulnerability in January, and it was quickly fixed, but not before malicious actors took advantage of it. Twitter acknowledged the vulnerability’s exploitation in August 2022, following rumors that it had been used to gather information on 5.4 million users. On hacking message boards at the time, this database was being sold for USD 30,000 at the time.