A previous Twitter hack exposed the data of 5.4 million users
In July, cybercriminals began selling the data of more than 5.4 million Twitter users in hacking forums after exploiting an API vulnerability disclosed in December 2021.
Recently, a hacker made the information freely available, while other researchers reported a vulnerability affecting millions of Twitter accounts in the European Union and the United States.
According to Twitter last August, the flaw would have allowed hackers to pass email addresses or phone numbers into the API to identify the relevant account.
Even though Twitter patched the vulnerability in January 2022, the phone numbers and email addresses of millions of users are still available online, underscoring how damaging an exposed API can be for a modern business.
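The flaw described above is a classic account-enumeration problem: an endpoint that takes an email address or phone number and answers differently depending on whether an account exists. The following is an added illustration, not Twitter's code or any code from the article. It contrasts a lookup that leaks account existence with a hardened version that returns the same response for known and unknown identifiers, applies a per-client rate limit, and writes only a keyed hash of the identifier to its audit log. The account directory, client ids and secret are constructed sample values.

```python
import hmac
import hashlib
import time
from collections import defaultdict, deque

# Constructed sample directory; a real service would query a database.
ACCOUNTS = {
    "alice@example.com": "@alice",
    "+15550100": "@bob",
}


def find_account_vulnerable(identifier: str) -> dict:
    """Lookup with the weakness the article describes: the response reveals
    whether an email/phone maps to an account, and which handle it is."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"found": False}
    return {"found": True, "handle": handle}


class LookupService:
    """Hardened lookup: identical response for known and unknown identifiers,
    a sliding-window rate limit per client, and a privacy-preserving audit log."""

    def __init__(self, secret: bytes, limit: int = 5, window_s: float = 60.0):
        self._secret = secret          # key for hashing identifiers in logs
        self._limit = limit            # max lookups per client per window
        self._window = window_s
        self._hits = defaultdict(deque)  # client_id -> timestamps in window
        self.audit_log = []

    def _allowed(self, client_id: str, now: float) -> bool:
        q = self._hits[client_id]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] > self._window:
            q.popleft()
        if len(q) >= self._limit:
            return False
        q.append(now)
        return True

    def lookup(self, client_id: str, identifier: str, now: float = None) -> dict:
        now = time.monotonic() if now is None else now
        if not self._allowed(client_id, now):
            # Bursts of lookups from one client are the signal defenders want.
            self.audit_log.append(("rate_limited", client_id))
            return {"status": "too_many_requests"}
        # Log a keyed hash so the log itself never stores emails or phones.
        tag = hmac.new(self._secret, identifier.encode(), hashlib.sha256).hexdigest()[:16]
        self.audit_log.append(("lookup", client_id, tag))
        # Any contact with the account holder happens out of band (for example a
        # message to the supplied address); the caller learns nothing about
        # whether the identifier is registered.
        return {"status": "accepted"}


if __name__ == "__main__":
    svc = LookupService(secret=b"constructed-demo-key", limit=2)
    print(find_account_vulnerable("alice@example.com"))      # leaks existence
    print(svc.lookup("client-1", "alice@example.com"))       # {'status': 'accepted'}
    print(svc.lookup("client-1", "nobody@example.com"))      # identical response
    print(svc.lookup("client-1", "third@example.com"))       # rate limited
```

The hardened service treats the lookup volume per client as the thing worth monitoring: the audit log records rate-limit events and hashed identifiers, which is enough to detect scraping of the kind that fed the dump without retaining the contact details an attacker would want.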
The Twitter hack comes amid a wave of attacks targeting APIs, with Salt Security reporting that 95% of companies had an API security issue in the past 12 months, and that 20% suffered a breach as a result of such an issue.
This high rate aligns with market research firm Gartner's forecast that API attacks will become the most common attack vector by 2022.
An unfortunate fact about API attacks is that vulnerabilities in these systems provide access to unprecedented amounts of data, and in this case 5.4 million or more Twitter users were affected.
That is the problem. When an attacker compromises an API, they get direct access to the organization's master database and all the information it contains.
The most significant threat posed by this vulnerability is social engineering. Using the names and addresses they obtained, attackers can target users with phishing emails designed to trick them into handing over personal information and credentials.
Even though these scams target end users, organizations and security teams can provide timely updates to ensure that users are aware of the threats they may encounter and what to do about them. It's also a good idea for security teams to remind employees to turn on two-factor authentication for their personal accounts to reduce the possibility of unauthorized logins.