Is There Anything You Can Do to Protect Yourself?

Twitter disclosed the vulnerability in August of 22. It was reported to them through a bug bounty that they had. The bad guy would have scraped all the information that he wanted, and then, and then reported the bug and got maybe a reward for it. If you identify a security vulnerability, unless you're working as part of a team, keep it to yourself.