Tag: twitter | Page 5

Twitter Says ‘No Evidence’ User Data Being Sold Online Came From Hack

January 13, 2023/in Internet Security

Twitter said that after investigating reports that data on upwards of 400 million users was being sold online, it found “no evidence” that was obtained by exploiting vulnerabilities in its systems.

The Elon Musk-owned social network provided details on the investigation in a blog post Wednesday. In December 2022, a hacker was claiming to be offering over 400 million Twitter-associated user emails and phone numbers for sale on the black market, according to press reports. Earlier this month, “a similar attempt to sell data from 200 million Twitter-associated accounts was reported in the media,” which, according to Twitter, was the same dataset that was reported in December with duplicates removed.

Based on its investigation, “there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems,” the company said. “The data is likely a collection of data already publicly available online through different sources.”

Twitter noted that in August 2022, the company disclosed that it had received a report in January of last year through its bug-bounty program of a vulnerability in Twitter’s systems that let someone use email addresses or phone numbers to reveal Twitter accounts associated with the info. The company said it updated its code in June 2021 to fix the bug.

In July 2022, Twitter “learned through a press report that someone had potentially leveraged [the vulnerability] and was offering to sell the information they had compiled,” the company said. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.” Twitter said it notified affected users “promptly” of the issue. Media reports in November said 5.4 million Twitter user accounts were being sold online; according to Twitter’s investigation, those were the same accounts that were exposed in August 2022.

Twitter said it is “in contact with data protection authorities and other relevant regulators” in different countries “to provide clarification about the alleged incidents.”

The company also said that, while no…

Source…

Cybersecurity expert offers advice for millions affected in Twitter hack

January 7, 2023/in Computer Security

Personal emails linked to 235 million Twitter accounts have been exposed according to Israeli security researcher Alon Gal with the cyber-crime information firm Hudson Rock.

Account passwords weren’t leaked but hackers now have a chance at trying to reset or guess them if they’re commonly used.

I sat down with Jacksonville-based cybersecurity expert Christopher Hamer about the next steps Twitter users should take.

“Change your password. Verify that your authentication email or your two-step authentication is turned on. Don’t choose a stupid password,” said Hamer.

The Cybersecurity and Infrastructure Security Agency recommends choosing a strong password between eight to 64 characters with numbers and symbols.

Having a password with length and complexity makes it difficult for hackers to access your account.

Hamer recommends taking it a step further and organizing your passwords in groups.

“Have a password for websites that don’t have your personal information. Don’t have any sensitive information, don’t have access to your finances that aren’t tied to your credit card. That’s your throwaway password. If it gets compromised oh well,” Hamer said.

Cybersecurity experts expect that this Twitter hack will cause an uptick in targeted phishing emails and doxxing – which publicly reveals someone’s personal information online.

Hamer said this can happen to anyone who uses the internet despite how careful you are online.

“I tell my children and I tell my clients the instant that information leaves your computer and goes on the internet you have zero control over it,” said Hamer.

The Twitter breach appears to have taken place before Elon Musk took over the company. However, the hack could put the social media conglomerate in trouble with the Federal Trade Commission.

Source…

Hackers post email addresses linked to 200 million Twitter accounts, security researchers say

January 5, 2023/in Internet Security

CNN
—

Email addresses linked to more than 200 million Twitter profiles are currently circulating on underground hacker forums, security experts say. The apparent data leak could expose the real-life identities of anonymous Twitter users and make it easier for criminals to hijack Twitter accounts, the experts warned, or even victims’ accounts on other websites.

The trove of leaked records also includes Twitter users’ names, account handles, follower numbers and the dates the accounts were created, according to forum listings reviewed by security researchers and shared with CNN.

“Bad actors have won the jackpot,” said Rafi Mendelsohn, a spokesman for Cyabra, a social media analysis firm focused on identifying disinformation and inauthentic online behavior. “Previously private data such as emails, handles, and creation date can be leveraged to build smarter and more sophisticated hacking, phishing and disinformation campaigns.”

Some reports suggested the data was collected in 2021 through a bug in Twitter’s systems, a flaw the company fixed in 2022 after a separate incident in July involving 5.4 million Twitter accounts alerted the company to the vulnerability.

Troy Hunt, a security researcher, said Thursday that his analysis of the data “found 211,524,284 unique email addresses” that had been leaked. The Washington Post earlier reported a forum listing promoting the data of 235 million accounts.

Hunt did not immediately respond to a question from CNN asking whether the records would be added to his website, haveibeenpwned.com, which allows users to search hacked records to determine if they have been affected. CNN has not independently verified the records’ authenticity.

Twitter didn’t immediately respond to a request for comment. Its communication team, along with roughly half of Twitter’s overall workforce, was gutted after billionaire Elon Musk completed his acquisition the company in late October. The significant staff reductions could now add to concerns about the company’s ability to respond to…

Source…

Twitter: Millions of users' email addresses 'stolen' in data hack

January 5, 2023/in Computer Security

Early indications are that at least some of the sample data the criminal is offering is real, and three Twitter users have confirmed to me that their leaked email addresses are re …

Source…

Tag Archive for: twitter