Thursday, August 18, 2022
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Twitter Breach Exposed Anonymous Account Owners

Researcher by Researcher
August 6, 2022
in Cybersecurity
0
High-Severity Flaw in Argo CD is Information Leak Risk
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday.

It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said users worldwide were affected.

Related articles

Spring Framework Flaw Exploited in Mirai Malware Attacks

CISA Warns of Ongoing Exploitation Against Zimbra Flaws

August 18, 2022
High-Severity Flaw in Argo CD is Information Leak Risk

Apple Patches New macOS, iOS Zero-Days

August 18, 2022

The breach is especially worrisome because many Twitter account owners, including human rights activists, do not disclose their identities in their profiles for security reasons that include fear of persecution by repressive authorities.

“This is very bad for many who use pseudonymous Twitter accounts,” U.S. Naval Academy data security expert Jeff Kosseff tweeted.

The vulnerability allowed someone to determine during log-in whether a particular phone number or email address was tied to an existing Twitter account, thereby revealing account owners, the company said.

Twitter said it did not know how many users may have been affected, and stressed that no passwords were exposed.

“We can confirm the impact was global,” a Twitter spokesperson said via email. “We cannot determine exactly how many accounts were impacted or the location of the account holders.”

Twitter’s acknowledgment in a blog post Friday followed a report last month by the digital privacy advocacy group Restore Privacy detailing how data presumably obtained from the vulnerability was being sold on a popular hacking forum for $30,000.

A security researcher discovered the flaw in January, informed Twitter and was paid a reported $5,000 bounty. Twitter said the bug, introduced in a June 2021 software update, was immediately fixed.

Twitter said it learned about the data sale on the hacking forum from media reports and “confirmed that a bad actor had taken advantage of the issue before it was addressed.”

It said it was directly notifying all account owners that it can confirm were affected.

“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” the company said.

It recommended users seeking to keep their identities veiled not add a publicly known phone number or email address to their Twitter account.

“If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened,” it said.

The revelation of the breach comes while Twitter is in a legal battle with Tesla CEO Elon Musk over his attempt to back out from his previous offer to buy San Francisco-based Twitter for $44 billion.

Related: Can Elon Musk Spur Cybersecurity Innovation at Twitter?

Related: Hackers Used Internal Twitter Tools to Hijack Big-Name Accounts

Related: Why Are Users Ignoring Multi-Factor Authentication? 

Related: UK Man Arrested in Spain, Charged in US With Twitter Hack

view counter

Previous Columns by Associated Press:
Tags:





Source link

Tags: accountAnonymousbreachexposedOwnersTwitter
Share76Tweet47

Related Posts

Spring Framework Flaw Exploited in Mirai Malware Attacks

CISA Warns of Ongoing Exploitation Against Zimbra Flaws

August 18, 2022
0

Attackers are exploiting multiple, previously disclosed flaws that impact Zimbra’s enterprise collaboration software and email platform, warned the Cybersecurity and...

High-Severity Flaw in Argo CD is Information Leak Risk

Apple Patches New macOS, iOS Zero-Days

August 18, 2022
0

Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and...

Seaborgium targets sensitive industries in several countries

Seaborgium targets sensitive industries in several countries

August 17, 2022
0

Image: Adobe Stock New research from Microsoft Threat Intelligence Center (MSTIC) sheds light on a cyberespionage threat actor known as...

DEF CON – “don’t worry, the elections are safe” edition

DEF CON – “don’t worry, the elections are safe” edition

August 17, 2022
0

Don’t worry, elections are safe. Our Security Researcher Cameron Camp provide us highlights from the DEF CON 30 conference. Scattered...

Azure Developers Targeted By Malicious NPM Packages

RubyGems Requires MFA for Popular Projects

August 17, 2022
0

RubyGems, the popular community site for hosting Ruby projects, is now requiring the maintainers of the most popular projects to...

Load More
  • Trending
  • Comments
  • Latest
Brave browser’s Tor mode exposed users’ dark web activity

Brave browser’s Tor mode exposed users’ dark web activity

February 18, 2022
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 18/08

August 18, 2022
Spring Framework Flaw Exploited in Mirai Malware Attacks

CISA Warns of Ongoing Exploitation Against Zimbra Flaws

August 18, 2022
High-Severity Flaw in Argo CD is Information Leak Risk

Apple Patches New macOS, iOS Zero-Days

August 18, 2022
How Can Crypto and CBDCs Help Communities?

How Can Crypto and CBDCs Help Communities?

August 18, 2022

Recent Posts

This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 18/08

August 18, 2022
Spring Framework Flaw Exploited in Mirai Malware Attacks

CISA Warns of Ongoing Exploitation Against Zimbra Flaws

August 18, 2022
High-Severity Flaw in Argo CD is Information Leak Risk

Apple Patches New macOS, iOS Zero-Days

August 18, 2022

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • Malware
  • Networking
  • Protection

Tags

Access Android attack Attacks banking BiWeekly breach bug Cisco critical Cyber Cybersecurity Data devices Digital financial Finds Fintech Flaw flaws Google Group Hackers Krebs Latest malware Microsoft million Network News open patches Payments phishing platform Ransomware RoundUp security Software TFT Threat vulnerability warns Week Windows

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved