Cybercriminals don’t miss a hacking opportunity as soon as they become aware of a security flaw. That is precisely the last case that has happened with the Twitter social networkwhere 5.4 million accounts have been compromised.
Failure has above all affected the anonymity of many millions of accountswhich used a vulnerability in a code update from last year.
Millions of accounts with stolen data
The case actually dates back to January 2022, when some hacker exploited a vulnerability in the code update of the social network in June 2021 and that it allowed a phone number or email address to be entered into login in an attempt to learn if that information was linked to an existing Twitter account, and if so, to which specific account.
This has compromised the personal data of 5.4 million accounts, although this time there has been no password theft. The main impact of this theft of personal information has to do with those who wanted to have anonymous accounts. Of course, the associated emails and mobiles could also be a sweet tooth for other cybercriminals.
The bug was communicated to Twitter in that month of January 2022 through the bug bounty program. Back then it was fixed and they had no record that it had been taken advantage of.
However, a more recent report by Bleeping Computer reported the sale of that database with 5.4 million accounts and their associated email addresses and mobile phone numbers for a price of $30,000 in a hacking forum. That is when Twitter verified the veracity of said leak and hence it was made public.
How to know if you are affected
From the social network itself they confirm that at the moment they do not know which accounts and how many have been compromised. Nevertheless, they will inform all the owners of one of them directly if there is confirmation that it has been affected.
“We will directly notify account owners that we can confirm were affected by this issue. We are posting this update because we cannot confirm all accounts that were potentially affected, and we are particularly mindful of people with pseudonymous accounts that may be targeted by the state or other actors.”
If you prefer to take the initiative yourself, either because you are concerned about the security of your account or have questions about how Twitter protects your personal information, you can contact the Data Protection Office through this form.
How to protect yourself: two-factor authentication
From Twitter they recommend (regardless of the affectation or not in this case) the activation of the two-factor authentication in Twitter for the login in the social network.
The process of activating this extra layer of security is simple: go into the options menu and stop at the “Settings and privacy” section. Here, select “Security and account access” and then “Security”.
Click or tap Two-Factor Authentication and choose your method for it: text message, authenticator app, or security key.
In addition to this 2FA, they recommend for keep your identity as hidden as possible Not having a publicly known phone number or email address added to your Twitter account.
