The Twitter Data Breach: The Domino Effect of Disasters

It all started in June ‘21, when Twitter shipped a code update that introduced a critical vulnerability. The flaw was not discovered until January ‘22, when a bug bounty hunter reported it, and Twitter claimed to have fixed it immediately. New evidence surfaced in July ‘22 establishing that the vulnerability had been exploited before Twitter fixed it: personal information belonging to 5.4 million Twitter users was reportedly put up for sale for $30,000. The data was sold for less than the original asking price, and it may yet be released for free.

What was this vulnerability, and how did it translate into such a massive breach? According to the owner of the hacking forum Breached, the vulnerability was in Twitter's API. It allowed a bad actor to submit a phone number or email ID to Twitter's systems and retrieve the profile associated with that email ID or phone number. This, in turn, allowed the hackers to assemble complete profiles of 5.4 million Twitter users, including phone numbers, email addresses, login IDs, and public information scraped from the internet.

Breached learned about the API vulnerability from another hacker, Devil, and used a second API vulnerability to expose 1.4 million suspended Twitter accounts.
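The core of the flaw described above is a lookup that turns an email address or phone number into the account behind it. The following is an added, simulated illustration (not Twitter's code; the user records, handles and thresholds are constructed) contrasting a lookup endpoint that leaks that mapping with one that answers identically for known and unknown identifiers, enforces a per-caller budget, and keeps a log that a detection routine can use to spot bulk enumeration.

```python
# Added example, not Twitter's code: simulated account lookup showing the
# enumeration pattern, a hardened variant, and a detection check over its log.
from collections import defaultdict

# Constructed sample data (hypothetical users): identifier -> handle.
USERS = {
    "alice@example.com": "alice_h",
    "+15550001111": "pseudonymous_user",
}


def lookup_vulnerable(identifier):
    """Leaks the mapping: an email/phone resolves to the handle behind it,
    and the response differs for known vs. unknown identifiers."""
    handle = USERS.get(identifier)
    return {"exists": handle is not None, "handle": handle}


class HardenedLookup:
    """Same response shape whether or not the identifier is known, a
    per-caller request budget, and one log entry per request for detection."""

    def __init__(self, limit_per_caller=5):
        self.limit = limit_per_caller
        self.calls = defaultdict(int)
        self.log = []  # (caller, identifier) pairs

    def lookup(self, identifier, caller):
        self.calls[caller] += 1
        self.log.append((caller, identifier))
        if self.calls[caller] > self.limit:
            return {"status": "rate_limited"}
        # No existence oracle: never echo a handle, never distinguish hits.
        return {"status": "accepted"}


def flag_enumeration(log, threshold=3):
    """Detection: return callers that probed at least `threshold` distinct
    identifiers, which is the signature of bulk scraping through this API."""
    distinct = defaultdict(set)
    for caller, identifier in log:
        distinct[caller].add(identifier)
    return sorted(c for c, ids in distinct.items() if len(ids) >= threshold)
```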

You can see a redacted example of the user profile created in this hack sampled by security expert Chad Loder.

Why is this dangerous? As Twitter itself acknowledged, this hack is especially devastating for pseudonymous Twitter accounts. Their anonymity is undermined by this exposure, and their personal information may be used against them by the state or other bad actors. Personal information paired so readily with email addresses and phone numbers makes the exposed users easy targets for phishing and social engineering attacks. And since the login ID is now known, hackers are just one brute-force attack away from getting into a Twitter account.

Twitter has not had the best year. While the number of monetized Twitter users rose in Q2 of 2022 to reach 238 million, a report says it has been losing a lot of heavy tweeters. Twitter is losing credibility, ad revenue, and employees fast. The hack adds terrible insult to injury.

About the author

Steven Ly

Steven Ly is the Startup Program and Events Manager at TheNextHint Inc. She recruits rockstar startups for all TC events including Disrupt, meetups, Sessions, and more both domestically and internationally. Previously, she helped produce Dreamforce with Salesforce and Next '17 with Google. Prior to that, she was on the advertising teams at both Facebook and AdRoll, helping support advertisers in North America and helped grow those brands globally. Outside of work, Priya enjoys Flywheel, tacos, the 49ers, and adventuring around the globe.
