In August 2022, Twitter informed customers that a vulnerability in its systems had been exploited to obtain user data. The flaw, patched in January 2022, was used to determine whether a specified phone number or email address were tied to an existing Twitter account.
Twitter confirmed exploitation of the vulnerability after reports started circulating that the flaw had been leveraged to collect data on 5.4 million users.