(C) BoingBoing
This story was originally published by BoingBoing and is unaltered.
Massive security breach exposes anonymous Twitter accounts' email addresses and phone numbers [1]
By Mark Frauenfelder
Date: 2022-08-09
Anyone who uses a pseudonymous Twitter account should read Twitter's statement about a significant security breach that has resulted in a for-sale list of millions of Twitter handles and their associated phone numbers and email addresses. I feel sorry for whistleblowers and activists working in authoritarian countries.
"In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter's systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any. This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability. In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed."
Twitter also adds:
"If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened. To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account."
The problem is that Twitter all but forces you to provide a phone number to use the service.
A commenter on Hacker News provides the upshot:
---
[1] URL: https://boingboing.net/2022/08/09/massive-security-breach-exposes-anonymous-twitter-accounts-email-addresses-and-phone-numbers.html
Content appears here under this condition or license: Creative Commons BY-NC-SA 3.0.