A security vulnerability on Twitter allowed a bad actor to find out the account names associated with certain email addresses and phone numbers. Twitter initially patched the issue in January after receiving a report through its bug bounty program. A hacker managed to exploit the flaw before Twitter even knew about it.
The vulnerability, which stemmed from an update the platform made to its code in June 2021, went unnoticed until earlier this year. This gave hackers several months to exploit the flaw.
A hacker managed to steal a database of over 5.4 million accounts. The hacker then tried to sell the information on a hacker forum for $ 30,000. Twitter confirmed that its user data had been compromised.