In August, Twitter admitted that a vulnerability affecting its systems had been exploited to obtain user data. The issue, introduced in June 2021, could have been exploited to determine whether a specified phone number or email address was tied to an existing Twitter account, even for accounts where the information should have been private.
The vulnerability was reported to the social media giant in January and it was quickly fixed, but not before it was exploited by malicious actors.