a hacker could access the list of your secret accounts

Twitter has just confirmed that it was exposed to a serious 0-day flaw, without its knowledge, for several months. The flaw was reported by an ethical hacker and patched by Twitter in January. After investigation, however, the social network found that the problem was actually introduced by an update to Twitter’s code dating from June 2021.

This left the flaw open to exploitation for several months. Concretely, it made it possible to find every Twitter account associated with a given email address. In other words, anyone exploiting it could uncover all of a user’s secret accounts and tie them to a real identity.

The 0-day flaw that affected Twitter made it possible to find all the secret accounts linked to an email address

Twitter claims to “have no evidence that someone was able to exploit this vulnerability”. Not everyone agrees with these reassuring remarks, however. Our colleagues at Bleeping Computer, in particular, link this 0-day flaw to a huge database put up for sale on a specialized forum.

We already told you about it a few days ago. The hacker in question, who calls himself “devil”, is offering a database containing the identifiers of more than 5.4 million accounts for the sum of 30,000 dollars, and specifies that the accounts “Range from celebrity accounts, corporate accounts, random accounts, original accounts, etc.”.

Twitter then confirmed that its data had been compromised in this hack. According to The Verge, however, the problem may go well beyond these few million accounts: because of the method used, it is very difficult for Twitter to confirm on its side which accounts could have been compromised.

According to its blog post, the social network has reportedly already written directly to the users it suspects of being affected, without being able to be 100% certain of having reached everyone concerned. If you have Twitter accounts that you absolutely want to keep secret, the best advice is to tie each of them to a separate email address that only you know.


It is also strongly advised to change your password following the latest hacks, and to activate two-factor authentication if you have not already done so.
