Twitter on Friday disclosed a security glitch that could have allowed people to unmask account holders who tweeted under pen names.
“If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened,” the company stated.
The tech company says it learned in January of a vulnerability, present since a June 2021 update, that allowed anyone who submitted an email address or phone number to Twitter's systems to discover which account was associated with that information.
Twitter also says it discovered last month that someone who may have exploited the glitch was offering to sell information he or she had compiled.
“After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter wrote.
Twitter adds that it plans to notify people it can confirm were affected, but hasn't been able to confirm everyone who may have been identified.
“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” the company wrote.
News of this new security breach comes two months after the Federal Trade Commission fined Twitter $150 million for allegedly violating a 2011 consent decree that prohibited the company from misleading consumers about privacy. That consent order stemmed from allegations that security glitches at Twitter resulted in hackers obtaining access to some users' names, passwords and private messages.
Somewhat ironically, Twitter has fought to preserve users' anonymity in court and, in at least one case, was doing so while the security vulnerability was present.