Twitter hacker steals 5 million celebrity, company, and anonymous accounts’ personal information

There is nothing that users can do to protect their information in this issue

Adam Smith
Monday 08 August 2022 10:48 BST

A Twitter breach has allowed hackers to find the account names and email addresses associated with millions of accounts.

This includes accounts of people who would rather keep their information pseudonymous, such as whistleblowers and celebrity accounts.

“We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account”, Twitter said in a blog post confirming the attack.

It also said there is nothing that users can do to protect their information in this issue, but users should enable two-factor authentication on all accounts to better protect against future breaches.

Twitter received a report at the start of this year about a vulnerability in its system: if someone submitted an email address or phone number to Twitter’s systems, those systems would tell the person which Twitter account, if any, the submitted email address or phone number was associated with.

This bug originated in June 2021, and Twitter fixed the issue. The company said at the time that it had no evidence of a malicious individual using this exploit, but that changed in July 2022 when it was reported that information about over 5.4 million accounts was being sold on a hacker forum for $30,000.

"Hello, today I present you data collected on multiple users who use Twitter via a vulnerability. (5485636 users to be exact)," the forum post selling the Twitter data stated, as reported by Bleeping Computer. "These users range from Celebrities, to Companies, randoms, OGs, etc."

Twitter says it will be “directly notifying the account owners we can confirm were affected by this issue”, adding that it is “publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors”.
