Connect with us

Hi, what are you looking for?

Social Media

Twitter bug may have shown email addresses of thousands of users

The bug affected Twitter’s password recovery systems for around 24 hours last week, the company said today. It “had the potential” to reveal the email address and phone numbers of “less than 10,000” active accounts but did not directly reveal the user’s password.
Twitter has already contacted the affected users and will be providing advice on what to do next. Twitter is confident the issue has since been patched and that no further accounts have been affected.
The company said: “We recently learned about — and immediately fixed — a bug that affected our password recovery systems for about 24 hours last week. The bug had the potential to expose the email address and phone number associated with a small number of accounts (less than 10,000 active accounts). We’ve notified those account holders today, so if you weren’t notified, you weren’t affected.”
The information on display isn’t enough to login to a Twitter account but is easily sufficient for an attacker to start a phishing or scam campaign. Active email addresses and phone numbers are valuable pieces of personal data that should only be distributed to trusted friends, family, co-workers and businesses.
Twitter has contacted the relevant law enforcement bodies. A full investigation will be conducted into the day-long vulnerability to ensure it does not happen again. Twitter said it will be taking harsh action against any users who have exploited the bug, warning they will be handed permanent account suspensions.
The company said today: “We take these incidents very seriously, and we’re sorry this occurred. Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted.”
Twitter has provided suggestions to users on how to maintain “good account security hygiene.” This consists of the usual round of security tips, advising people to use a strong password with a mixture of different character types and enable two-factor authentication where possible. This prevents an attacker accessing an account by requiring a unique code, sent via SMS, to be entered at login.
This security incident may be comparatively minor, based on the number of users thought to be involved, but it doesn’t mean people who aren’t affected should pass it off as an irrelevance. Twitter users can review their security settings and recent account logins in the “Security and privacy” section of the website’s Settings menu.

Written By

You may also like:

World

Different values, different country. Donald Trump's unlikely plan for Canada to become the 51st US state is leading to a surge of national pride.

Business

Every manufacturer is different and relies on different areas and aspects of their business to set themselves apart from the competition.

Life

The number of children who must share playgrounds well beyond their capacity has been described as a ‘postcode lottery’.

Business

Nintendo has been tight-lipped about a launch date for its new gaming console amid heavy speculation its release could be imminent - Copyright AFP...