Twitter API vulnerability exposes data of 5.4 million users


In July of this year, cybercriminals began selling the user data of more than 5.4 million Twitter users on a hacking forum after exploiting an API vulnerability revealed in December 2021.

Recently, a hacker released this information for free, just as other researchers reported a breach affecting millions of accounts in the EU and US.

According to a blog post from Twitter in August, the exploit allowed hackers to submit email addresses or phone numbers to the API to identify which account they were associated with.

While Twitter patched the vulnerability in January this year, it still exposed the private phone numbers and email addresses of millions of users, highlighting that the impact of exposed APIs can be devastating to modern organizations.
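The flaw described above turns a lookup endpoint into an identifier-to-account oracle. As an added example (not Twitter's code and not part of the original article), the Python below contrasts a lookup that answers any caller with one that reveals a match only for opted-in accounts, returns the same body otherwise, and caps distinct identifiers per client. All names, the opt-in setting, the sample data and the budget value are assumptions.

```python
"""Added example: contact-identifier lookup, leaky vs. hardened (names hypothetical)."""
from collections import defaultdict

# Constructed sample data: contact identifier -> account handle
ACCOUNTS = {
    "alice@example.com": "@alice",
    "+15550100": "@bob",
}
# Assumed privacy setting: owners who opted in to being found by contact details
DISCOVERABLE = {"@alice"}

MAX_DISTINCT_LOOKUPS = 3      # assumed per-client budget for one time window
_seen = defaultdict(set)      # client id -> distinct identifiers submitted


def lookup_leaky(identifier):
    """Behaviour the article describes: any caller learns which account matches."""
    handle = ACCOUNTS.get(identifier)
    return {"found": handle is not None, "account": handle}


def lookup_hardened(client_id, identifier):
    """Reveal only opted-in accounts; answer identically otherwise; cap enumeration."""
    _seen[client_id].add(identifier)
    if len(_seen[client_id]) > MAX_DISTINCT_LOOKUPS:
        # Many distinct identifiers from one client is the enumeration signal
        return {"status": "rate_limited"}
    handle = ACCOUNTS.get(identifier)
    if handle in DISCOVERABLE:
        return {"status": "ok", "account": handle}
    # Same body for "no such identifier" and "owner not discoverable",
    # so the response cannot be used to confirm that a private mapping exists
    return {"status": "ok", "account": None}


if __name__ == "__main__":
    print(lookup_leaky("+15550100"))             # leaks @bob to any caller
    print(lookup_hardened("c1", "+15550100"))    # indistinguishable from a miss
    print(lookup_hardened("c1", "nobody@example.com"))
```

In a real service the per-client counter would live in a shared store with a time window rather than in process memory.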

The true impact of API attacks

The Twitter breach comes amid a spate of API attacks, with Salt Security reporting that 95% of organizations have experienced security vulnerabilities in production APIs in the last 12 months and 20% have experienced a data breach due to security gaps in APIs.

This high rate of exploitation fits with Gartner's prediction that API attacks would become the most common attack vector this year.

One of the unfortunate realities of API attacks is that vulnerabilities in these systems allow access to unprecedented amounts of data, in this case the records of 5.4 million users or more.

“Because APIs are intended to be used by systems to communicate with each other and exchange massive amounts of data, these interfaces are an attractive target for malicious exploitation,” said Avishai Avivi, SafeBreach CISO.

Avivi notes that these vulnerabilities provide direct access to underlying data.

“While traditional software vulnerabilities and API vulnerabilities share some common features, they are fundamentally different. APIs rely to some extent on the system trying to connect to them,” said Avivi.

This trust is problematic because once an attacker has access to an API, they have direct access to an organization’s underlying databases and all the information stored therein.

What’s the threat now? Social engineering

The main threat arising from this breach is social engineering. Using the names and addresses obtained from this leak, it is possible for cybercriminals to target users with email phishing, voice phishing, and smishing scams to try to trick users into handing over personal information and credentials.

“With so much information made public, criminals could quite easily use it to launch convincing social engineering attacks against users. This could be not only to target their Twitter accounts, but also by impersonating other services such as online shopping sites, banks or even tax offices,” said Javvad Malik, security awareness advocate at KnowBe4.

While these scams target end users, organizations and security teams can provide timely updates to ensure users are aware of the threats they are most likely to encounter and how to address them.

“People should always be wary of suspicious communications, especially when asking for personal or sensitive information, such as passwords,” Malik said. “When in doubt, people should contact the alleged service provider directly or log into their account directly.”

It’s also a good idea for security teams to remind employees to activate two-factor authentication on their personal accounts to reduce the chance of unauthorized logins.

Shreya Christina (http://ukbusinessupdates.com)