Security Experts:

Connect with us

Hi, what are you looking for?



Twitter Patches Bug Exposing Details of 10,000 Users

Twitter has addressed a privacy bug that exposed email addresses and phone numbers associated with roughly 10,000 user accounts.

Twitter has addressed a privacy bug that exposed email addresses and phone numbers associated with roughly 10,000 user accounts.

According to the social media company, the flaw affected its password recovery system for approximately 24 hours last week. Users whose accounts were exposed have been notified.

Twitter pointed out that the vulnerability could not be exploited to obtain passwords or other information that could be used to directly access accounts.

“We take these incidents very seriously, and we’re sorry this occurred. Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted,” Michael Coates, Twitter’s trust & info security officer, said in a blog post.

It’s clear that at least some people exploited this bug to obtain other users’ details. Cyber War News reported on February 10 that a Twitter user had boasted about being able to obtain email addresses and phone numbers linked to Twitter accounts. He backed his claims by posting the details of several users.

Twitter apparently made good on its promise because all accounts used at the time by the “hacker” have been suspended.

The company took this opportunity to remind users about the importance of a good account security hygiene and advised them to use strong passwords, revoke the privileges of third-party apps they don’t recognize, enable two-step authentication, review account logins for any suspicious activity, and require additional info when the password reset feature is used.

Twitter has made several security-related announcements over the past few months. The company has started warning users when their accounts might be targeted by state-sponsored attackers, and announced the formation of the Twitter Trust & Safety Council, whose goal is to boost users’ trust across the social network.

Related: Twitter Suspends Over 100K Accounts Related to Terrorism

Related: Twitter Backs Proposal for Delaying SHA-1’s Sunset

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.