Another data breach has occurred, this time it’s Twitter that has been targeted. Twitter has been forthcoming with the detail of the issue, timelines and notification to affected users. The exploit was a “zero day” bug that allowed external queries against phone numbers or email addresses:
We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account.
For many users, this probably isn’t a major issue; however, those who run accounts under a pseudonym — there are some legitimate reasons — may not be so happy. The breach has not, per Twitter’s post, compromised any passwords to accounts so at this time accounts remain secure.
In terms of data breach, while this one hasn’t forced millions of users to change passwords there are still risks and flow on effect of the exploit. It’s a timely reminder to ensure you’re running two-factor authentication wherever it’s offered and make sure you use strong passwords.