Social media firm Twitter has issued a public statement relating to allegations that it was hacked earlier this year.
Writing in a blog post on Friday, the Elon Musk-owned platform said it learned that someone had potentially exploited a vulnerability that Twitter reportedly found in January and fixed in June 2022.
The flaw enabled someone submitting an email address to Twitter’s systems to find an associated phone number (if one existed) and vice versa.
According to the announcement, Twitter learned of the vulnerability having been exploited in July, with someone offering to sell the information they had compiled.
“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed. At the time, we notified the affected users promptly,” reads the blog post.
“As soon as we became aware of the news, Twitter’s Incident Response Team compared the data in the new report to data reported by the media on 21 July 2022. The comparison determined that the exposed data was the same in both cases.”
The firm also clarified that while no passwords had been exposed, it encouraged users to enable 2-factor authentication (2FA) to protect accounts from unauthorized logins.
“We also encourage Twitter users to remain extra vigilant when receiving any kind of communications over email, as threat actors may leverage the leaked information to create very effective phishing campaigns.”
The news comes weeks after several C-level security and privacy executives resigned from Twitter following the Elon Musk acquisition of the social media firm.
“With all of the changes at Twitter over the last few months and concerns about security on the site, the reports of user data leaks were understandably troubling to users, regardless of Twitter’s attempts to minimize concerns,” said Melissa Bischoping, director of endpoint security research at Tanium.
“While the leaked data may have been the result of the previously compiled data and reportedly doesn’t include passwords, users should still consider this a timely reminder to audit credential hygiene and multi-factor authentication enforcement on all their accounts.”