Skip to main content
  1. Home
  2. Social Media
  3. News

This Twitter vulnerability may have revealed owners of burner accounts

Anita George
By

Twitter recently announced the existence of a security vulnerability that poses a particular risk for anonymous and pseudonymous Twitter accounts.

On Friday, the popular social media platform published a blog statement describing the nature of the security vulnerability, which, if exploited, could let someone send contact information (phone numbers, email addresses) to Twitter’s systems, which would then “tell the person what Twitter account the submitted email addresses or phone number are associated with, if any.” Essentially, with this bug, if you had someone’s contact information, you could use it to figure out which accounts on Twitter were theirs.

And while Twitter says that this vulnerability has been fixed, the bug unfortunately hadn’t been fixed before someone took advantage of it.

Related

According to Twitter’s blog statement, the bug was reported to Twitter in January 2022 and it “immediately investigated and fixed it.” But then, in July, it discovered via “a press report” that someone had already exploited the vulnerability and was now trying to sell the data they collected. Twitter then reviewed a sample of that data and was able to verify that someone had “taken advantage of the issue before it was addressed.”

While Twitter says that it will be contacting the owners of accounts that were affected by this bug and its subsequent breach, that pertains only to account owners that it can confirm were affected. In fact, the blog post announcement of this incident was published because Twitter says it’s not able to confirm all of the accounts that could have been affected and that it is also concerned about “pseudonymous accounts” being targeted by “state or other actors.” It is also worth noting that Twitter said that passwords were not exposed in this breach.

Twitter did offer some advice for those with pseudonymous accounts: Don’t add a publicly available email address or phone number to your Twitter account. And for all Twitter users: Use two-factor authentication for logging in.

Editors' Recommendations

Topics
Trump allowed to return to Facebook and Instagram
Trump stylized image
Hackers dug deep in the massive LastPass security breach
The LastPass logo appears in front of a menacing hooded figure.
If you use PayPal, your personal data may have been compromised
A person holds a mobile phone with the PayPal app open.
Hackers stole $1.5 million using credit card data bought on the dark web
A credit card is passed from one person to another.
Elon Musk reveals date for Twitter Blue relaunch
A stylized composite of the Twitter logo.
What is Twitter Blue and is it worth it?
Twitter Blue menu option on a white screen background which is on a black background.
Twitter closes offices as ‘work pledge’ deadline passes
A stylized composite of the Twitter logo.
What is Ambient Mode on YouTube?
The red and white YouTube logo on a phone screen. The phone is on a white background.
What is BeReal?
BeReal app notification on an Apple Watch.
How to delete a BeReal post
BeReal app showing a photo of some clothes.
How to use TikTok’s voice changer
A person's hand holding a phone with the TikTok app on it.
Twitter attempts to sort out verification system with new badges
A lot of white Twitter logos against a blue background.
Hive Social is my favorite Twitter alternative, but that’s not saying much
iPhone 14 Pro in hand showing off profile page on Hive Social app