So about that Twitter thing here: privacy.twitter.com/en/blog/20

- 2022-01: Twitter learns of a vuln allowing anyone to find the account a phone number or e-mail is connected to. They "had no evidence" of it being exploited, so they took their time.

- 2022-07: Fix is deployed. They still didn't tell anyone.

- 2022-08: Twitter learns it _was_ exploited, and a data dump is already on sale.

Sounds like a bog standard incident, but here's the kicker:

- 2022-03: invades .

1/

Quite predictably, as the invasion started, Twitter became the prime venue for discussing the conflict - everything from tactics to politics to after-action footage.

I imagine there were many in who wanted to add their voice to condemning Putin and his invasion, and chose Twitter as the venue. Many would hope to escape consequences from the regime by staying pseudonymous.

Unfortunately, there's a database on sale that will identify them, and FSB can easily afford to buy it.

2/

All because of what? #Twitter has been forcing people for years to add their phone numbers to their accounts, going as far as locking any new account after 30 minutes to a couple of days, citing "suspicious activity", which is a completely bullshit way to force people to compromise themselves without triggering a wave of complaints.

There's a high chance this vuln will get people maimed and killed. Mostly because they kept it secret past 2022-02-24, despite the obvious risks.

3/end

@temporal
> #Twitter has been forcing people for years to add their phone numbers to their accounts...

I managed to get around this by sending them a ticket that said (*very* careful wording): "I do not have a cell number that I can give you. Kindly reinstate my account..."

It worked, but even then, I knew I was on borrowed time.

Deleted my account when #ElongatedMuskrat started courting them.
