235 million account details were disclosed in the largest Twitter data leak ever: Report

Twitter data leaks

Introduction to Data Leak

According to a report in The Washington Post, security experts believe that this data hack poses threats of exposure, arrest or violence against people who used Twitter to criticize governments or powerful individuals. It can also open up others to extortion as hackers could also use email addresses to attempt to reset passwords and take control of accounts, especially those not protected by two-factor authentication.

“This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” said Alon Gal, co-founder of the Israeli security company Hudson Rock, who spotted the posting on a popular underground marketplace, The Washington Post reported.

These records were likely compiled in late 2021 when outsiders who already had an email address or phone number could search for accounts that had shared it with Twitter because of a flaw in Twitter’s system. An unlimited number of emails or phone numbers could be checked through automated lookups.

The first time Twitter learned that someone had exploited the flaw was in July when hackers sold 5.4 million account handles, emails and phone numbers.

The micro-blogging platform said in August that it was made aware of the vulnerability in January 2022 through its reward program for bug reports. The vulnerability had been accidentally introduced in a code update seven months before that.

The General Data Protection Regulation of the European Union may have been broken, according to a statement made by Ireland’s Data Protection Commission last month. The fresh batch is probably going to increase the intensity of that investigation as well as a current U.S Federal Trade Commission investigation into whether Twitter has been infringing on consent decrees in which it vowed to better protect user data.

Twitter previously stated that it fixed the bug as soon as it was made aware of it, although it did not specify how long the process took. This happened amidst a turbulent month in which the business sacked both of its senior security officers.

Twitter data of Sundar Pichai, WHO, Charlie Puth and other 400 million users leaked: Report, CNBC TV 18

One of them, Peiter Zatko, who leads the company’s information security approach has been claiming that Twitter has been grossly unprepared to fend off hacking attempts. Later in August 2022 Zatko also filed a formal whistleblower complaint with the Securities and Exchange Commission and testified about the deficiencies in Congress.

While Twitter’s 235 million published information leak is among the biggest ever, it is merely the most recent in a string of security mishaps that go back more than a decade. Zatko said that the business has been breaking a 2011 settlement with the FTC over frequent account takeovers.

This is not only the news of a huge data leak, many Data leaks happened in 2022. 

Why does it happen?

It’s important to distinguish between a data leak and a data breach. These terms are often used interchangeably, but they do have one notable difference.

While data leaks and data breaches both involve the unauthorized exposure of data, the cause of the exposure determines whether it’s a leak or a breach.

A data leak occurs when an internal source exposes information. Meanwhile, a data breach is caused when an external source breaches the system in a cyberattack. Criminals can use a variety of methods to try and break into a network. In other words, a data leak is usually an accident, while a breach is often intentional and malicious.

Let’s review some of the most common causes of data leaks.

Bad infrastructure: Misconfigured or unpatched infrastructure can unintentionally expose data. Having the wrong settings or permissions, or an outdated software version may seem innocent, but it can potentially expose data.

Social engineering scams: While data breaches are the result of a cyberattack, criminals often use similar methods to create a data leak. Then the criminal will exploit the data leak to launch other cyberattacks. For example, phishing emails may successfully gain access to a person’s login credentials, which could result in a bigger data breach.

Poor password policies: People tend to use the same password for multiple accounts because it’s easier to remember them. But if a credential stuffing attack happens, it could expose several accounts. 

Software vulnerabilities: Software vulnerabilities can easily turn into a huge cybersecurity issue for organizations. Criminals can take advantage of outdated software or zero-day exploits and turn them into a variety of security threats.

Old data: As businesses grow and employees come and go, companies can lose track of data. System updates and infrastructure changes can accidentally expose that old data 

How to Prevent this data leak

Assess and audit security: Organizations should verify that their business has the necessary safeguards and policies in place to protect data. This is especially crucial for regulatory compliance. If you find any weak points, it’s imperative to fix them.

Restrict data access: Employees should only have access to the data they need to do their jobs efficiently.

Evaluate and update data storage: Antiquated data storage practices create vulnerabilities. You should regularly monitor the data you collect and how you store it.

Never trust, always verify: IT systems should not inherently trust any devices or accounts on company networks. Adopt a zero-trust security approach to prevent unwanted access to sensitive data.

Use multi-factor authentication: A strong password policy for employees is good, but don’t rely on it alone. Implementing multi-factor authentication ensures that a password leak isn’t enough to cause a data breach.

Monitor third-party risk: Supply chain attacks occur when a third-party vendor has one of their email accounts compromised. This can lead to a large-scale data leak.

Some of these leaks are

SHEIN fined US$1.9mn over data breach affecting 39 million customers, CNBC Tv 18

Student loan data breach leaks 2.5 million social security numbers, CNBC Tv 18

The hacker allegedly hits both Uber and Rockstar, CNBC Tv 18

 Conclusion

Information Leak is turning into a disturbance in numerous associations given the increasing incidents that can bring about the test. In this way, organizations need to ensure that all the stakeholders comprehend the test since it is a business-wide test. The explanation for that is to assist individuals with understanding that corporate security is basic, and they need to understand the methods as well as the strategies that are useful in accomplishing a secure environment. There ought to be the utilization of advancements that can recognize and forestall data leakage issues.

For More Follow @dissenttimes

2 thoughts on “235 million account details were disclosed in the largest Twitter data leak ever: Report”

Leave a Reply

Your email address will not be published. Required fields are marked *