Twitter announced on Friday that a hacker exploited a bug in its system and was offering to sell personal data they had obtained.
The bug in question allowed an individual to submit an email address or a phone number and learn which specific account was associated with the information entered.
Twitter said that the vulnerability was first discovered in January but was quickly fixed, adding that there was no evidence at the time suggesting that personal information was compromised as a result of the bug.
However, in July, Twitter was notified that someone had potentially exploited the vulnerability and was attempting to sell personal information.
“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter said in a blog post.
The tech giant said it will be notifying the account owners that were affected by the breach. The company added that it was publishing on the incident because it was unable to confirm every account that was potentially affected.
While passwords were not impacted, Twitter provided recommendations to users including not adding personal information, such as phone numbers or email addresses, to their accounts. It also suggested that users use a two-factor authentication as an extra layer of security to protect their accounts.