MADRID, Dec. 13 (Portaltic/EP) –
Twitter has confirmed that the cyberattack that resulted in the theft and leak of the data of 5.4 million users of the platform was caused by an error in a code update carried out in June 2021, but has denied that cybercriminals were able to continue exploiting this breach afterwards.
Cybersecurity platform HackerOne published a report last February as part of the social network's bug bounty program, which rewards reports of bugs on the platform.
In this report, HackerOne told the company that, taking advantage of a security breach discovered in January, cybercriminals could collect user data.
Twitter has now confirmed that a security code update implemented in June 2021 introduced the vulnerability reported by the security company.
The platform has also stated that when it gained access to the HackerOne report it investigated “immediately” and took the necessary measures to fix the problem. However, it was not until July 2022 that it learned that this breach had reportedly resulted in the theft and leak of the data of 5.4 million users.
“After reviewing a sample of the data available for sale, we confirmed that a bad actor had taken advantage of the problem before it was fixed,” it added, pointing out that it had warned each of those affected by this problem.
On the other hand, it recalled that recently "some press reports published that the data of Twitter users had supposedly been leaked" and confirmed that it had compared this information with that reported in July.
It then determined that the exposed data was the same in both cases, so this error would not have harmed any users of the platform beyond the previously confirmed 5.4 million.
In this way, it has denied the information recently published by security expert Chad Loder, who warned some days ago that the vulnerability could be exploited by more malicious actors.
At the time, Loder said that he had access to a sample of stolen data that had not been previously reported and stated that he did not believe it was the same data breach that Twitter had acknowledged months before.
Finally, Twitter has suggested that users enable two-factor authentication to protect their accounts and prevent unauthorized logins.