Aug 8th, 2022

One of the benefits of being on social media is that you can remain more or less anonymous, or be as public as you want. While anonymity is sometimes negatively associated with being a troll or a keyboard warrior, there are many legitimate reasons why someone might not be willing to put themselves out there on the internet.

Unfortunately for some Twitter users, that choice might have been taken away from them. Twitter has recently disclosed that a security flaw allowed someone to enter a phone number or email address and discover whether it was tied to an existing Twitter account.

“We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account. We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened. While there’s no action for you to take specific to this issue, we want to share more about what happened, the steps we’ve taken, and some best practices for keeping your account secure.”

Twitter says that it originally received a tip via its bug bounty program earlier this year, and that at the time it did not see any evidence to suggest that the flaw had been exploited. It was only later discovered that a database containing 5.4 million Twitter accounts was being sold online.

The issue has since been patched, but it might have been too late. Twitter will be letting users affected by this vulnerability know about this issue, but unfortunately there’s really not much else users can do.

Source: Twitter
