Twitter reveals information about a security vulnerability that can let someone discover whether a specific email address or phone number is tied to an existing Twitter account.
The company has written in a blog post that in January 2022, they have received a report through their bug bounty program of a vulnerability in Twitter’s systems.
As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with if any.
It means that, if you had someone’s email address or phone number, you would be easily able to find out whether a Twitter account was tied to that address or number.
In June 2021, The vulnerability was a result of Twitter’s code update and Twitter has said that it immediately investigated and fixed it. Twitter also says it has no evidence to suggest someone had taken advantage of the vulnerability.
Twitter says that, in July 2022, it “learned from a press report” that someone has gathered this info and was trying to sell it online. Twitter reviewed a sample of the data, and observed that this person was indeed selling the real thing, MSN reports.
