A hacker obtained the usernames and email addresses of more than 5 million Twitter accounts, including those belonging to celebrities, businesses, organisations, and many more, as a result of a weakness in its system.

The social media app said:

"We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account."

The Independent was the first to publish that Twitter was alerted early this year of a weakness in its system. If someone gave Twitter their email address or phone number, Twitter would notify them of any Twitter accounts to which the given information may be connected.

Also Read: Uber Files Leaked: How Info Hidden By Corporations And Politicians Breaches Data Ethics

The issue surfaced for the first time in June 2021 but was fixed eventually. The company's assertion that it had no proof of a hacker using this exploit was challenged in July 2022, when it was claimed that the information of over 5.4 million users was allegedly being sold on a hacker forum for £25,000, approximately.

Threat Actor Share The Selling Price For Stolen Data

twitter hacked

In an interview with BleepingComputer, the malicious actor acknowledged using a vulnerability in December 2021 to obtain the data. They have already been contacted by potential buyers, and they are presently selling the data for £25,000.

Also Read: Meta Monopolising Metaverse? Mark Zuckerberg’s Acquisition Strategy May Be Illegal

After carefully examining a sample of the stolen data, Twitter established that a malicious actor had definitely taken advantage of the vulnerability after learning about it in July. This allowed the malicious actor to exploit it before Twitter could fix it.

Twitter Will Individually Reach Out To Owners Of The Hacked Accounts

The microblogging service announced that it will immediately inform any accounts that were proven to have been harmed by the incident. The business acknowledged, meanwhile, that it is still unsure of whose accounts were impacted and that it is being cautious when dealing with "pseudonym accounts" that may be used by bad actors.

According to Twitter, there is currently nothing users can do to protect their data. However, they should enable two-factor authentication for all accounts to stop future security breaches.



EM360, as you know it is about to change. CIA hackers, Google visionaries and some of the other biggest influencers from the tech industry are waiting to engage with you on the technologies that will define the future of enterprise tech. All you have to do is sign up as a premium EM360 Tech Community Member.

Features You Can Unlock As An EM360 Tech Community Member:

  • Engage with the leading influencers of Cyber Security, Data Management, Enterprise AI and more.
  • Gain access to our expanding library of exclusive content and resources.
  • Get insights and opinions from industry leaders on the latest trending topics.
  • Rise through the ranks to become an Industry Guru and GET PAID to express your opinion.

If you are a tech enthusiast, this is the place you need to be. Find out more about the EM360 Tech Community.