Twitter has affirmed that it has been breached as a result of the exploitation of a security vulnerability that has enabled the matching of phone numbers or email accounts with any Twitter account, indicating a significant privacy risk to users around the world, according to CyberScoop.
While Twitter has not yet identified the exact number of accounts that have been compromised by the incident, it has already patched the vulnerability and assured that threat actors were not able to access account passwords.
"We are publishing this update because we aren't able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors," said Twitter.
Twitter's confirmation comes after BleepingComputer reported last month regarding the sale of data from 5.4 million Twitter users that have been exfiltrated from the breach.
Cerfta Lab founder Amin Sabeti cautioned that Iran, Saudi Arabia, and other countries may leverage data exposed from the Twitter hack to target dissidents.
"If the Iranian regime can get a copy of this data and then find their target, it doesn't matter if the user deletes the account right now because the user will be identified via mobile number or email," said Sabeti.
