Twitter has confirmed a vulnerability in its code led to a data exposure late last year. In a blog post published on Friday, the company said a malicious actor took advantage of a zero-day flaw before it became aware of and patched the issue in January 2022. The vulnerability was discovered by a security researcher who contacted Twitter through the company’s bug bounty program.When Twitter first learned of the flaw, it said it had “no evidence” to suggest it had been exploited. However, an individual told Bleeping Computer last month that they took advantage of the vulnerability to obtain data on more than 5.4 million accounts. Twitter said it could not confirm how many users were affected by the exposure. The vulnerability allowed the bad actor to determine whether an email address or phone number was tied to an existing Twitter account. In turn, they could use that information to determine the identity of an account’s owner.“We are publishing this update because