This Twitter vulnerability may have revealed owners of burner accounts

Twitter recently announced the existence of a security vulnerability that poses a particular risk for anonymous and pseudonymous Twitter accounts.

On Friday, the popular social media platform published a blog statement describing the vulnerability: if exploited, it could let someone submit contact information (phone numbers, email addresses) to Twitter’s systems, which would then “tell the person what Twitter account the submitted email addresses or phone number are associated with, if any.” Essentially, anyone who had someone’s contact information could use this bug to figure out which accounts on Twitter were theirs.

And while Twitter says that this vulnerability has been fixed, someone unfortunately took advantage of it before the fix was in place.

According to Twitter’s blog statement, the bug was reported to the company in January 2022, and Twitter “immediately investigated and fixed it.” But then, in July, Twitter discovered via “a press report” that someone had already exploited the vulnerability and was now trying to sell the data they had collected. Twitter then reviewed a sample of that data and was able to verify that someone had “taken advantage of the issue before it was addressed.”

While Twitter says that it will be contacting the owners of accounts that were affected by this bug and its subsequent breach, that pertains only to account owners that it can confirm were affected. In fact, Twitter says it published the blog post about this incident because it is not able to confirm all of the accounts that could have been affected and because it is concerned about “pseudonymous accounts” being targeted by “state or other actors.” It is also worth noting that Twitter said that passwords were not exposed in this breach.

Twitter did offer some advice for those with pseudonymous accounts: Don’t add a publicly available email address or phone number to your Twitter account. And for all Twitter users: Use two-factor authentication for logging in.

Anita George
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…