Twitter and Twilio Breaches

Twitter has experienced elevated data security issues in recent years.  The data of around 5.4 million anonymous user accounts was recently on sale on an underground forum for $30,000 between June 2021 and January 2022.  Ultimately, a lower price was negotiated by the buyers.  Through the stolen data, the new owners could theoretically trace their way back to gain access to the accounts themselves.  Though the accounts were anonymous, the hackers claimed they were those of both celebrities and random people alike.

For such low-impact data as was stolen, the risk might seem trivial in comparison to other breaches.  The main concern, as CPO Magazine highlights, comes from totalitarian governments using the accounts to identify and target activists and other political opponents.  Even without that component, a surge in spear phishing—which is a form of targeted phishing specifically aimed at members of an organization—is another possibility.  Hopefully this incident remains fairly benign, and doesn’t end up surpassing the 2020 social engineering scheme that saw major Twitter accounts like those of Bill Gates and Barack Obama turned into cryptocurrency barkers.

Another recent breach involves the communications firm Twilio.  With clients such as Facebook and Uber, Twilio boasts over 150,000 corporate customers: a tempting prospect for cyber criminals.  The company reported that the data of some 125 of those customers was accessed this month by unauthorized individuals.  Spear phishing was responsible here.  The cyber criminal tricked multiple employees into giving up their credentials through SMS phishing messages, by posing as the company’s IT department.  By telling the employees that their passwords had expired, or giving some other fake warning, the attacker led them to click on a login link that looked legitimate but ultimately was under the hacker’s control.  The hacker was then able to use these credentials to gain access to Twilio’s internal systems.

What we have here is simply another case of social engineering, where employees are unwittingly tricked into sharing their information.  Should this happen to an organization, as it so often will, it’s necessary to have a last line of defense to thwart the roving hackers.  NetLib Security’s Encryptionizer solution can assist on that front, providing quick and efficient encryption of data at rest – keeping safe any critical data one wants to hide from unauthorized eyes.


By: Jonathan Weicher, post on August 24, 2022
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security