Twitter Breach Takes a Turn

A new year means new challenges.  It can also mean resolving old challenges, however, which continue to manifest their not so pretty heads.  Everyone may have already heard of the massive Twitter data breach from last year: accessing a cache of non-public user data from December of 2021, cyber criminals went on to sell it for around $30,000.  The situation changed this past November, when all the data of the 5.4 million affected users was abruptly released onto hacker forums, free of charge.  Suddenly everything was out in the open, even including the compromised information of big names like Bill Gates and new Twitter CEO Elon Musk. 

A flaw in Twitter’s API (short for application programming interface), which collected the data in the first place, is responsible for the original vulnerability.  Why this critical data was left unprotected is unclear.  You would think a company like Twitter could afford strong data encryption, although I suppose it has been encountering financial problems lately.

Since the original breach, according to Bleeping Computer, several bad actors have used the Twitter data to steal other private information, beyond the standard emails and phone numbers.  Even then, yet another massive haul of stolen user data, this time in the tens of millions, is rumored to soon be released. 

When vast quantities of stolen personal data are involved, the situation can often be but one crucial part of a wider phishing scheme.  Gaining the ability to forge convincing-looking emails from Twitter itself can open a lot of doors.  Even the cautious recipient risks being fooled.  And the less cyber-hygienic even more so.  One possibility, posits TechHQ, is indeed for the stolen data to kick off a new phishing campaign, with banning emails or “confirmation” links to click on.  Human error continues to be a puzzle for organizations to try to solve but never get all the pieces in place.  If a fraudulent email looks real and implies enough urgency, the likelihood of a successful clickthrough increases.  One starts to wonder, regardless, if people don’t know not to click even on suspicious looking links by now, will they ever really learn?

By using preventative measures, such as NetLib Security’s Encryptionizer, one can encrypt their data and not have to worry about leaving it exposed for headline-grabbing cyber attackers.


By: Jonathan Weicher, post on January 12, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security