Twitter is a well-known micro-blogging site; we all know that. Last Friday, however, the platform disclosed the existence of a vulnerability that compromises the privacy of more than 5 million profiles on the social network.

Basically, Twitter has some bugs that compromise the “health” of an avalanche of profiles.

The platform with the bird doesn’t always report in time the bugs hackers use to steal personal data: this is one of those cases!

Which Twitter bug (or bugs) would hackers exploit?

A cyber security expert would say that “safety starts with you”. However, that is not the case here, because we are talking about a bug on the Twitter platform.

The bug found is a zero-day: basically a hole in the code discovered by hackers well before the developer notices it.

“As a result of the vulnerability, if someone sent their phone number or email address to Twitter’s systems, those systems could tell the person [the hacker] which account sent the email with the telephone number, if they are associated,” the company stated.

Twitter stated, however, that the bug was already known in January 2022 and resulted from a code change dating back to June of the previous year, but that no password had been exposed to any possible hacker attack.

The issue was made public six months later, after tests carried out last month indicated that an unidentified hacker had potentially taken advantage of the vulnerability, well before the fix, to glean user information and sell it for profit on Breach Forums.

Although Twitter has not revealed the exact number of users affected, it is estimated that this bug affects (or at least puts at risk) roughly five and a half million profiles, which is a considerable number. Indeed, if we consider that Twitter has about 1.3 million users, that is 4% of the user base potentially at risk.

A curious development came when Twitter, in May, agreed to pay a fine of 150 million dollars to the United States Department of Justice for this matter.

The fine actually concerns irregularities that occurred between 2014 and 2019: in fact, the company is by no means new to leaving problems like this one undisclosed, only for experts to discover them later.

It goes without saying that “if Muhammad does not go to the mountain, the mountain goes to Muhammad”, as the proverb says, which translated into social-network terms means: if the platform does not help us, we must help ourselves.

Now let’s see some tips on how to avoid this problem or how to minimize it.

If the hacker exploiting this Twitter zero-day bug catches you, here’s what to do

Two-factor authentication

As the company itself said, this is a little help, but if possible set it up via email and not via an application! This will make it much more difficult for the hacker to reach your email because it has a number of extra protections.

Use a secondary email that you only use on social networks

I know, creating email addresses and using more than one or two is a pain, but “splitting” your emails will make it much easier for you to protect your personal data.

For this purpose I recommend the Protonmail service.

Delete your phone number from Twitter

Believe it or not, it is not strictly necessary to use a phone number to log in to Twitter: you can do everything via email.

If you are asked for the number for verification, you can use it for that purpose only, but remember to remove it once the profile is verified.

On smartphone: use the browser instead of the application to log in to Twitter

If you access Twitter by phone, you will most likely use the application. The browser, however, provides more protections. One above all: you can log out very easily by deleting cookies, which are the thing most often exploited for the theft of personal data.

I know that there are many limitations to using certain social networks with a browser instead of the application. Fortunately, Twitter has no particular restrictions in the phone browser, unlike Facebook.