A cyberattack on Twitter is now considered more serious than what was reported in Q3 of this year. According to the details, a hacker claimed in July this year to have access to data on 5 million Twitter user accounts, including phone numbers and email addresses.

Note that those two details alone are enough to identify a user's Twitter ID just by searching the database.

But an independent security researcher named Chad Loder announced through his Twitter handle on November 23rd, 2022 that a similar massive breach of the social networking giant's servers took place last year, and that the stolen data set containing sensitive information was now being sold on the dark web.

Chad claims the data sets revealed a couple of days ago differ from what was leaked last year, and added in his Twitter post that multiple hackers were involved in infiltrating the computer network of the company, which was recently bought by Tesla chief Elon Musk for $44 billion.

It is worth noting that the allegations come just a few days after Elon faced sharp criticism for firing most of the C-level employees of his company and contract staff.

NOTE- Musk's ownership of Twitter is disliked by most of the staff who have not yet been fired. For that reason, some have voluntarily resigned before facing any hardship from the new management. The latest addition to this list is Lea Kissner, the Chief Information Security Officer of the microblogging giant, who reported having lost interest in the job after former CEO Parag Agrawal and legal chief Vijaya Gadde were removed from their posts.

The post Twitter data breach leaking phone numbers and email ID were seriously concerning appeared first on Cybersecurity Insiders.

Twitter is having intermittent problems with its two-factor authentication system:

Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all. The meltdown comes less than two weeks after Twitter laid off about half of its workers, roughly 3,700 people. Since then, engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter’s offerings and build new features per new owner Elon Musk’s agenda.

On top of that, it seems that the system has a new vulnerability:

A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication.

“Your phone has been removed and SMS 2FA has been disabled from all accounts,” is the automated response.

The vulnerability, which ISMG verified, allows a hacker to spoof the registered phone number to disable two-factor authentication. That potentially exposes accounts to a password reset attack or account takeover through password stuffing.

This is not a good sign.
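The failure mode ISMG describes is a design one: an inbound carrier keyword (STOP) that is trusted on the strength of a spoofable sender field and is treated as a full removal of the second factor. The following is an added illustration, not Twitter's code or ISMG's; the account store, the two handler variants, and the sample numbers are all constructed for this example. It contrasts the behaviour reported above with a handler that honours the opt-out (stop sending texts, which carrier rules require) without lowering the account's authentication requirement, so a spoofed STOP cannot open a password-reset path.

```python
"""Toy model of an inbound-SMS handler for a 2FA service.

Illustration added here; not Twitter's or ISMG's code. All names, the in-memory
account store, and the phone numbers below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Account:
    user_id: str
    phone: Optional[str]
    sms_2fa_enabled: bool = True        # SMS is an enrolled second factor
    twofa_required: bool = True         # the account must present *some* second factor
    sms_opted_out: bool = False         # carrier STOP received: stop texting this number
    reenroll_pending: bool = False      # user must confirm a replacement factor in-app
    audit: List[Tuple[str, str]] = field(default_factory=list)


def make_store() -> Dict[str, List[Account]]:
    """Constructed sample data, keyed by phone number (one number, several accounts)."""
    return {
        "+15550000001": [
            Account(user_id="alice", phone="+15550000001"),
            Account(user_id="alice_alt", phone="+15550000001"),
        ],
        "+15550000002": [Account(user_id="bob", phone="+15550000002")],
    }


def is_stop(body: str) -> bool:
    """Carrier opt-out keyword; matching is case-insensitive and ignores whitespace."""
    return body.strip().upper() == "STOP"


def vulnerable_handle_inbound(store: Dict[str, List[Account]], sender: str, body: str) -> str:
    """Behaviour as reported: the sender field is trusted and STOP removes 2FA outright."""
    if not is_stop(body):
        return "ignored"
    changed = 0
    for acct in store.get(sender, []):
        acct.phone = None
        acct.sms_2fa_enabled = False
        acct.twofa_required = False     # the flaw: no second factor is required any more
        changed += 1
    return f"Your phone has been removed and SMS 2FA has been disabled from {changed} accounts"


def hardened_handle_inbound(store: Dict[str, List[Account]], sender: str, body: str) -> str:
    """Honour the opt-out but keep the account's authentication requirement intact.

    The sender field is treated as untrusted: the only effect of STOP is that we stop
    sending SMS to that number and ask the (authenticated) user to confirm another factor.
    """
    if not is_stop(body):
        return "ignored"
    paused = 0
    for acct in store.get(sender, []):
        acct.sms_opted_out = True
        acct.reenroll_pending = True
        acct.audit.append(("sms_stop_received", sender))   # surfaced to the user out of band
        paused += 1
    return f"SMS paused for {paused} accounts; two-factor authentication is still required"


def confirm_replacement_factor(acct: Account, session_authenticated: bool, factor: str) -> bool:
    """Re-enrollment happens only inside an authenticated session, never via SMS keyword."""
    if not (session_authenticated and acct.reenroll_pending):
        return False
    acct.reenroll_pending = False
    acct.audit.append(("factor_confirmed", factor))
    return True


def password_reset_allowed(acct: Account, second_factor_ok: bool) -> bool:
    """A reset may proceed without a second factor only if the account no longer requires one."""
    return second_factor_ok or not acct.twofa_required


def can_send_sms_code(acct: Account) -> bool:
    """SMS delivery respects both the enrollment state and the carrier opt-out."""
    return acct.sms_2fa_enabled and not acct.sms_opted_out and acct.phone is not None
```

In the vulnerable path a single STOP from a spoofed sender leaves `twofa_required` false on every account tied to that number, so `password_reset_allowed` returns true with no second factor. In the hardened path the same message pauses SMS delivery and flags re-enrollment, but `twofa_required` never changes, so the reset path stays closed until the user confirms a replacement factor from an authenticated session.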

Elon Musk is still causing chaos at Twitter (and it's beginning to impact users), are scammers selling your house without your permission, and Google gets stung with a record-breaking fine. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Since Friday of last week, contractors who fought the spread of disinformation have been fired, and after confirmation from senior management, nearly 89% of that staff have left the microblogging company permanently.

As a result, misinformation has been spreading rapidly over the past few hours, as most of the content-monitoring staff were either asked to take leave or permanently sacked.

So, web development companies have employed bots to create fake Twitter accounts and fill the social networking website with all kinds of illogical content: blasphemous material, fake news, stories about politicians and celebrities intended to tarnish their images, and so on.

Cybersecurity Insiders has learnt that the Tesla chief sacked the content-monitoring contractors because they could not put a stop to fake account creation, even though they had been given a free hand to act against any individual, business or government.

Information is out that Elon Musk has also temporarily paused the $8 campaign to re-verify blue tick marks on all accounts until further notice.

For the uninitiated: starting November 3rd of this year, the Starlink owner fired a portion of Twitter's C-level staff, and from November 6th staff at other levels also received termination letters by email.

From the 10th of this month, most employees who were working from home could not log in to their Slack and official email accounts, and when they contacted senior management they were formally shown the door, with no prior notice.

A few of them learnt of their dismissal only when speculation circulated in the media.

Hence, as of now, content moderation is being conducted by automated systems, and so even a little ingenuity (a smart way to twist a headline) can bypass those systems and fill Twitter with fake news.

NOTE 1- A group discussion on Reddit suggests that Mr. Musk might be on a cost-cutting spree and is therefore sacking staff to bring down CAPEX and OPEX costs. If that is the case, how will the needs of millions of users be met? Strange, isn't it?

NOTE 2- Facebook parent company Meta is also following the same principle of firing employees as Mark Zuckerberg is facing immense economic losses.

The post Twitter faces massive amounts of disinformation spread threat appeared first on Cybersecurity Insiders.

As expected, Twitter rolled out its campaign to weed out fake accounts by charging for blue tick subscriptions from the second week of this month. However, not everything seems to be going to plan, as the verification system appears to be riddled with security loopholes.

According to a Reddit discussion thread, available as screenshots and claiming to offer evidence, there has been a rise in fake accounts receiving blue tick marks. That is, bots impersonating celebrities are being cleverly inducted into the directory, and the menace seems unending.

For example, accounts impersonating Nintendo and other software companies are proliferating on the platform with no authenticity, even though a blue check mark is shown on every account bearing the software company's name.

The same issue persists for the UK's Tony Blair and former prime minister Boris Johnson: two or three accounts using the celebrity's picture as their display picture are circulating on Twitter, and with a blue tick mark at that.

A technical head of a large multinational company expressed her views on Facebook, saying that the menace seems never-ending even after Elon Musk took over the reins of the microblogging website, as anyone with a fake Apple ID and a temporary email account can set up an account and gain a blue mark by linking a masked debit or credit card.

Thus, with the latest menace of bot-run fake accounts, Twitter might consider rolling out the blue tick mark to each and every account holder (even existing ones), unlike earlier, when it wanted to mint $8 from people willing to take new accounts.

The post Security loopholes in Twitter Bluetick Verification Systems appeared first on Cybersecurity Insiders.

Graham offers some security and privacy advice for those leaving Twitter for Mastodon, and Carole slams the door shut on a notorious scammer with a huge Instagram following. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

The world's richest man's plans for the news junkie's favourite social network inevitably get a great deal of attention. Not everyone will be aware of the details of what Elon Musk might be planning for Twitter, but they will certainly be aware that it's a hot topic. And so if a Twitter user receives a message claiming to be about their verified account, they may very well believe it... and that makes them more susceptible to falling into a trap. Read more in my article on the Tripwire State of Security blog.