Twitter says vulnerability in its software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor. It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said users worldwide were affected. The breach is especially worrisome because many Twitter account owners, including human rights activists, do not disclose their identities in their profiles for security reasons that include fear of persecution by repressive authorities. The company recommended users seeking to keep their identities veiled not add a publicly known phone number or email address to their Twitter account.