Twitter announced on Aug. 5 that it found a security flaw in its system that enabled a threat actor to learn about whether a phone number or an email address was associated with an existing Twitter account, after 5.4 million Twitter accounts were reportedly exposed by a threat actor.
In a security advisory, Twitter said that in January 2022, it received a report about a vulnerability that enabled a person to submit an email address or phone number to Twitter’s systems and learn about any existing Twitter account that was associated with the provided data.
The report was submitted by a user named “zhirinovskiy” on HackerOne, a vulnerability coordination and bug bounty platform. The user described the vulnerability issue and how it could be exploited. Five days later, Twitter acknowledged the matter and rewarded zhirinovskiy with a $5,040 bounty for the report….