Cybercriminals rarely miss an opportunity once they become aware of a security flaw. That is precisely what has happened in the latest case involving the social network Twitter, where 5.4 million accounts have been compromised.
The bug has mainly affected the anonymity of many millions of accounts, after a vulnerability in a code update from last year was exploited.
Millions of accounts with stolen data
The case actually dates back to January 2022, when a hacker exploited a vulnerability in the social network’s June 2021 code update. The flaw allowed a phone number or email address to be entered at login to find out whether that information was linked to an existing Twitter account and, if so, to which specific account.
This has compromised the personal data of 5.4 million accounts, although this time there has been no password theft. The main impact of this theft of personal information falls on those who wanted to keep their accounts anonymous. Of course, the associated email addresses and mobile numbers could also be a tempting prize for other cybercriminals.
The bug was reported to Twitter in January 2022 through the bug bounty program. It was fixed at the time, and the company had no record that it had been taken advantage of.
However, a more recent Bleeping Computer report described the sale of that database, with 5.4 million accounts and their associated email addresses and mobile phone numbers, for $30,000 on a hacking forum. That is when Twitter verified the leak, which is why it was made public.
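The flaw described above let a single client test many phone numbers and email addresses against the login flow. As an added example (not code from Twitter or from the original article), this sketch flags that pattern in lookup logs; the log fields, window and threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
MAX_DISTINCT = 3      # assumed threshold, kept low to suit the sample data

# Constructed sample events: (unix_time, client_id, identifier_submitted).
# Real logs would usually store a keyed hash of the identifier; only
# distinctness matters for this check.
SAMPLE_EVENTS = [
    (1000, "client-A", "alice@example.com"),
    (1005, "client-B", "+15550100001"),
    (1010, "client-B", "+15550100002"),
    (1015, "client-A", "alice@example.com"),  # retry of the same identifier
    (1020, "client-B", "+15550100003"),
    (1025, "client-B", "+15550100004"),
    (1200, "client-A", "alice@example.com"),
]


def find_enumeration(events, window=WINDOW_SECONDS, max_distinct=MAX_DISTINCT):
    """Return {client: first_alert_time} for clients that submit more than
    max_distinct different identifiers within any `window` seconds."""
    recent = defaultdict(deque)  # client -> deque of (time, identifier)
    alerts = {}
    for ts, client, ident in sorted(events):
        q = recent[client]
        q.append((ts, ident))
        # Drop lookups that have fallen out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct = {i for _, i in q}
        # A legitimate user retries one identifier; enumeration cycles many.
        if len(distinct) > max_distinct and client not in alerts:
            alerts[client] = ts
    return alerts


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_EVENTS))
```

Counting distinct identifiers rather than raw requests keeps a user who repeatedly retries their own email address from triggering the alert.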
How to know if you are affected
The social network itself confirms that, at the moment, it does not know which accounts, or how many, have been compromised. However, it will directly inform the owner of any account that it can confirm has been affected.
“We will directly notify account owners that we can confirm were affected by this issue. We are posting this update because we cannot confirm all accounts that were potentially affected, and we are particularly mindful of people with pseudonymous accounts that may be targeted by the state or other actors.”
If you prefer to take the initiative yourself, either because you are concerned about the security of your account or have questions about how Twitter protects your personal information, you can contact the Data Protection Office through this form.
How to protect yourself: two-factor authentication
Twitter recommends (regardless of whether you were affected in this case) enabling two-factor authentication for logging in to the social network.
The process of activating this extra layer of security is simple: go into the options menu and stop at the “Settings and privacy” section. Here, select “Security and account access” and then “Security”.
Click or tap Two-factor authentication and choose your two-factor authentication method: text message, authenticator app, or security key.
In addition to 2FA, Twitter recommends that, to keep your identity as hidden as possible, you do not add a publicly known phone number or email address to your Twitter account.