Illustration by Alex Castro / The Verge

A security vulnerability on Twitter allowed a bad actor to find out the account names associated with certain email addresses and phone numbers (and yes, that could include your secret celebrity stan accounts), Twitter confirmed on Friday. Twitter initially patched the issue in January after receiving a report through its bug bounty program, but a hacker managed to exploit the flaw before Twitter even knew about it.

The vulnerability, which stemmed from an update the platform made to its code in June 2021, went unnoticed until earlier this year. This gave hackers several months to exploit the flaw, although Twitter said it “had no evidence to suggest someone had taken advantage of the vulnerability” at the time of its discovery.


Continue reading…


Leave a Reply