In an attack on Twitter, data of 5.4 million users was stolen, which was then offered for sale on the Internet, the company has confirmed. Last month, Restore Privacy reported that an attacker had obtained account details of 5.4 million users through a vulnerability in Twitter. The vulnerability made it possible to retrieve telephone numbers and email addresses of Twitter accounts, even though the user had protected these fields via the privacy settings. In a statement, Twitter confirms the data theft and that a vulnerability was abused. The bug was introduced into the platform’s code in June of last year and was fixed in January of this year, after Twitter was notified through the bug bounty program. In the meantime, however, an attacker had already used the vulnerability to steal user data. Twitter will inform affected users about the data breach. In addition, the company advises users of a pseudonymous Twitter account not to associate a publicly known phone number or email address with the account.