A security flaw in Twitter allowed a bad actor to find out the account names associated with certain email addresses and phone numbers. A hacker was able to exploit the flaw before Twitter patched the issue.
The platform's code was updated in June 2021, but the vulnerability was not noticed until earlier this year. When it was discovered, there was no evidence that anyone had taken advantage of it.
Bleeping Computer reported last month that a hacker was able to exploit the vulnerability while it was under the radar. The hacker amassed a database of over 5 million accounts and tried to sell it on a hacker forum for $30,000. The data posted to the forum was found to have been compromised.
It's not clear how many users have been affected by the problem. It isn't possible to confirm every account that was potentially impacted. Anyone concerned about their secret accounts should attach an email address or phone number that isn't public knowledge to the account they don't want to be associated with.