Over 5.4 Million Twitter User Data Stolen

In July this year, cybercriminals exploited a Twitter API vulnerability disclosed in December 2021 and began selling the data of more than 5.4 million Twitter users on a hacking forum. Recently, a hacker released the information for free.

According to a Twitter blog post in August, the vulnerability allowed hackers to submit email addresses or phone numbers to the API to determine which account they were associated with. While Twitter fixed the bug in January, it still exposed the private phone numbers and email addresses of millions of users.

Salt Security reports that 95% of organizations experienced security issues in their APIs and 20% experienced a data breach due to a security breach in their APIs in the past 12 months. This high rate of exploitation is in line with Gartner's prediction that API attacks will be the most frequent attack vector this year.

API vulnerabilities can provide access to unprecedented data volumes, and Avivi pointed out that these vulnerabilities provide direct access to the underlying data.

The most important threat posed by this vulnerability is social engineering. Cybercriminals may use the names and addresses obtained from this breach to target users in email phishing, voice phishing, and phishing scams in an attempt to trick users into handing over personal information and login credentials.

While these scams target end users, organizations and security teams can provide timely updates to ensure users understand the threats they are most likely to encounter and how to respond to them. It's also a good idea for security teams to remind employees to activate two-factor authentication on their personal accounts to reduce the chance of unauthorized logins.