{"id":198357,"date":"2022-08-09T11:33:08","date_gmt":"2022-08-09T09:33:08","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=198357"},"modified":"2025-07-01T20:32:12","modified_gmt":"2025-07-02T03:32:12","slug":"security-flaw-twitter-accounts-exposed","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/security-flaw-twitter-accounts-exposed\/","title":{"rendered":"Security flaw at Twitter leaves certain accounts exposed"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Twitter is having a really bad time of it at the minute. With Elon Musk trying desperately to pull out of his bid to buy the company while repeatedly trashing it in public, things are looking desperate. Unfortunately, however, things look set to get a little worse <strong>a security flaw in Twitter\u2019s code has opened up a vulnerability that hackers and malicious actors have been exploiting<\/strong>. Here is what you need to know.<\/p>\n\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Twitter\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-logo-xl,f_auto,dpr_2\/p\/9b1fcdde-96d8-11e6-8f6f-00163ec9f5fa\/2951943913\/twitter-Twitter%20logo.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Twitter<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/twitter.en.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\">Download Now<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/twitter.en.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Twitter released details about the security breach in a <a href=\"https:\/\/privacy.twitter.com\/en\/blog\/2022\/an-issue-affecting-some-anonymous-accounts\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a>. The post explains that the flaw enabled malicious actors to enter phone numbers and email addresses into Twitter\u2019s log-in flow to <strong>learn if the details were attached to an account as well as the account they were tied to<\/strong>. This, in essence, gave them the ability to match identities to accounts, even if those accounts were anonymous.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to the blog post, <strong>the flaw came from an update to Twitter\u2019s code back in June 2021<\/strong>. Even though Twitter found nobody was leveraging the vulnerability back then, this changed earlier this summer with Twitter saying:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>\u201cIn July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.\u201d<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Twitter will be notifying all users who were affected by the bug <\/strong>and whose identities have been exposed. The company first learnt about the vulnerability thanks to its bug bounty program and has since closed it off so that no more users will face losing their anonymity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In other recent Twitter security news, be sure to look out for various <a href=\"https:\/\/twitter.en.softonic.com\/articles\/phishing-scams-hacked-twitter-accounts\" target=\"_blank\" rel=\"noreferrer noopener\">phishing scams that have been targeting verified accounts<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Twitter is having a really bad time of it at the minute. With Elon Musk trying desperately to pull out of his bid to buy the company while repeatedly trashing it in public, things are looking desperate. Unfortunately, however, things look set to get a little worse a security flaw in Twitter\u2019s code has opened &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/security-flaw-twitter-accounts-exposed\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Security flaw at Twitter leaves certain accounts exposed&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":198363,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2358],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-198357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectiontwitter"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/198357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=198357"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/198357\/revisions"}],"predecessor-version":[{"id":323397,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/198357\/revisions\/323397"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/198363"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=198357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=198357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=198357"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=198357"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=198357"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=198357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}