A former Twitter employee accused of leaking user details to a Saudi Prince has been found guilty of accepting a bribe worth thousands of dollars, along with an expensive watch. Ahmad Abouammo, 44, worked as an engineer at Twitter in 2015.

Although he is no longer connected to the social media website, his past deeds have now come to light, confirming him as an insider threat.

According to details available to Cybersecurity Insiders, Ahmad passed on data about Twitter users who publicly criticized the governance of Saudi Arabia.

Investigations revealed that Ahmad siphoned users’ email addresses, contact phone numbers, IP addresses, location details and tweet content, and passed the details to a Saudi royal family in exchange for luxury goods and currency.

The family, linked to a Saudi Prince, then used the details to capture Twitter users who were sharing hateful and blasphemous content against the government on the platform; those users were captured and tortured in a secret prison in 2016.

After the details emerged via the media in 2017, the government of the United States launched an investigation with the help of an 11-member jury. They finally probed the matter and found that Abouammo was to receive a harsh penalty for his deeds.

Though the court has granted his request to remain free from imprisonment, it has obtained an assurance from him that he will not flee the country under any circumstances.

The Saudi government has also investigated the matter separately and admitted that Ahmad was passing on foreign secrets, all for money and material luxuries. The government has also stated that Ahmad was working for Bader Al-Asaker, who in turn was reporting the matter to the family of Saudi Prince Mohammad bin Salman.

NOTE- Such insider threat revelations might help Elon Musk gain the upper hand in his legal battle with Twitter.

The post Details about the Twitter’s Insider Threat appeared first on Cybersecurity Insiders.

Security research carried out by CloudSEK has found that more than 3,000 mobile applications were exposing Twitter API keys, which could give attackers fraudulent access to Twitter accounts. The research also found that over 230 of those applications belonged to newly started companies and were leaking authentication-related credentials, allowing a complete takeover of Twitter accounts.

CloudSEK researchers state that the leaked API keys could allow threat actors to get into the affected accounts to read direct messages, retweet certain messages, delete them, like posts, and remove or add followers, leading to serious consequences.

Furthermore, a cyber criminal could also take over an account and add it to a Twitter bot army that can later be used to spread hatred, fake information and cryptocurrency-related phishing scams.

Meanwhile, the federal court in San Francisco has heard the trial of a former Twitter employee who is accused of sending sensitive details of a few Twitter users from the UAE to a Prince in Saudi Arabia.

Ahmad Abouammo, a former employee of the social media network, is alleged to have sent details such as usernames, IP addresses, email IDs, locations and dates of birth to a Saudi Prince, who later used the information for state-sponsored imprisonment, torture and a secret prison term in 2015.

The employee is no longer linked to the social media giant and will face trial for indulging in fraudulent practices in 2015.

NOTE- The disclosure of such details could currently influence the legal battle taking place between Twitter and Tesla Chief Elon Musk over the former’s acquisition.

The post Twitter API Keys exposed by over 3000+ mobile applications appeared first on Cybersecurity Insiders.

A Twitter user named ‘Devil’ has announced the sale of information related to over 5.4 million Twitter users, siphoned from the social media firm’s database in January this year. In one tweet, the hacker said that the data was stolen by exploiting a vulnerability in the company’s systems.

The microblogging website reacted to the news with a press statement saying that it is investigating the incident and will release more details as soon as the investigation is over.

Prima facie, the information was stolen because of a bug in the company’s backend servers and could contain details such as phone numbers and email addresses linked to accounts.

HackerOne claims to have alerted the world’s top networking giant to the vulnerability in its backend servers in January 2022 and added that Twitter fixed it as soon as it was warned.

A HackerOne user dubbed “zhirinovskiy” verified the leaked details and confirmed that they belong to active Twitter users, including celebrities and some renowned politicians around the world. This is the same user who received a $5k reward in January this year as part of the California-based company’s bug bounty program.

Twitter users across the world are miffed that the networking giant never informed them about the data breach that took place early this year, and are venting their anger at the security practices the American communications giant follows for storing and protecting user information.

The post Twitter user data sold for $30k on dark selling forum appeared first on Cybersecurity Insiders.

A few weeks ago, Elon Musk offered a $44 billion deal to Twitter and asked the social media giant for an exact count of fake accounts. The firm initially denied the allegations, but later admitted that well over 5% of its total accounts were bot generated.

Tesla Chief Musk then issued a statement asking Twitter to be specific about the number of accounts generated by Twitter bots.

As the world’s third networking giant failed to come up with a convincing report, the owner of StarLink, the satellite-based internet service, withdrew from the acquisition deal.

Twitter is now claiming that it is extremely concerned about the massive amount of user data it handed over to Elon Musk, who wanted insight into the information generated by users.

It claims that the Tesla CEO will use the 53 terabytes of data he was given to develop a competitor app, so if he backs out of the deal, it will soon incur huge losses.

Thus, Twitter is planning to take Musk to court for breaching the contract and putting forward a fake $44 billion deal that was never meant to be real.

Musk seems unconcerned about the issue, as his legal representatives are convinced that Twitter cannot withstand their claims in a court of law: the company attempted several breaches of contract, such as terminating the services of some C-level employees without Musk’s consent, and failed to disclose valid information about spam accounts.

Only time can tell us more about developments!

The post Twitter now concerned about 53TB of User Data lying with Elon Musk appeared first on Cybersecurity Insiders.

Elon Musk, the Chief of Tesla and Starlink Satellite Internet, offered a $44 billion deal to Twitter. His only request was that the company come clean and take down fake accounts that were bots generating fake tweets and that might also be used to spread misinformation, blasphemous content, fake likes, and whatnot.

Twitter denied having any fake accounts and assured Musk that it could provide raw data to his team for analysis, including the millions of tweets generated daily.

But suddenly, the world’s second social media networking giant changed its strategy, bowed to Elon Musk’s demands and said that it was ready to take down fake accounts so that Musk could pay the already announced amount of $44 billion to acquire the company.

The Tesla chief did not react to the issue directly and instead directed Texas Attorney General Ken Paxton to launch a formal investigation.

“As Twitter under-reported fake bot accounts, it could have negatively affected Texas consumers and businesses and so we will investigate it to the core,” said Attorney General Ken Paxton.

FYI, Twitter agreed in April 2022 that about 5% of its accounts were automated and were generating around 3-4 tweets daily. But Musk disclosed in one of his tweets in May that the social media giant might have over 20% fake accounts, which were against the data privacy and security policies prevailing in several states of North America.

NOTE 1- Legal representatives say that Twitter has a fair chance of suing Musk if he backs out of the agreement to acquire Twitter at the agreed price and terms.

NOTE 2- Elon Musk only made an offer to buy Twitter. He never entered into any legal agreement binding him to stand by his word to buy Twitter for the said price till the end.

The post Twitter to take down fake accounts to please Elon Musk and his $44 billion offer appeared first on Cybersecurity Insiders.