New York: Microblogging platform Twitter has acknowledged that the privacy of several users’ accounts was at risk last year when a flaw in its software was exploited by a malicious person. However, Twitter did not confirm the report that the data has been offered for online sale due to this technical flaw, about 5.4 million users around the world. But it has admitted that its users were affected in the breach.
The risk of such exposure to details of people using Twitter as a platform for exchange of ideas is extremely worrying. The reason for this is that many Twitter account holders do not disclose their identities for security reasons because they fear being persecuted by repressive authorities. Jeff Kosef, a data security expert at the US Naval Academy, said in a tweet on this, “This situation is very bad for many people using pseudonymous Twitter accounts.”
Twitter said in a statement Friday that a glitch in its software allowed a person to determine when a person logs in to determine which existing Twitter account a particular phone number or e-mail is associated with. Due to this, account holders can be easily disclosed. Twitter, however, claimed no information about the number of account holders affected by the incident, saying that none of the passwords were revealed.
A Twitter spokesperson said via e-mail, “We can confirm that this had a global impact. But we cannot say clearly about the exact number of people affected or their location.” Restore Privacy, a digital privacy advocacy group, said in a report released last month that the details gathered from the software glitch were being sold on a popular hacking platform for $30,000.
In January last, a security researcher pointed to this flaw in Twitter’s software. He was also given a reward of $5,000 for this. Twitter later said that the bug, which occurred during the June 2021 software update, was fixed immediately. Twitter said in its statement that it has come to know about the sale of data related to users. “A bad person took advantage of this flaw before it was fixed,” he said.
Along with this, Twitter said that it is informing its account holders about the incident being affected in this matter. The company said, “We are issuing this information because we cannot verify every account that is affected. We have special attention especially to people operating Twitter accounts under pseudonym because they can be targeted by the government and other parties.
Twitter has advised users to keep their identity anonymous. Along with this, he has also urged people not to give publicly known phone numbers or email address details in his Twitter account. Twitter said, “If you run a pseudonymous Twitter account, we understand the risks involved in such an incident. We deeply regret this incident.” (agency)