A fatal retweet: How the newest attack on Twitter can teach us a lesson on cybersecurity

Author: Vishal, ManageEngine

In what may be the largest Twitter data breach attack to date, the personal data of over 400 million users was stolen from the social media giant’s grasp and put up for sale on the dark net on the day after Christmas. This attack couldn’t have happened at a worse time for the company, as the Irish Data Protection Commission (DPC) has announced an investigation into an earlier Twitter data leak in November 2022 that had affected over 5.4 million users.

Though Twitter has not officially confirmed the breach, the released data has been verified by cybercrime intelligence company Hudson Rock.

Both attacks are said to have originated from an API vulnerability that was first brought to Twitter and the wider audience’s attention earlier this year. In January 2022, a user by the name “zhirinovskiy” pointed out this vulnerability by submitting a detailed report to Twitter on the bug bounty platform HackerOne.

According to zhirinovskiy, threat actors could take advantage of this API vulnerability using a mass-querying attack. Even though Twitter responded through press releases and comments on the original report that it had immediately looked into the issue and taken remediation steps, it seems the same chink in the armour has led Twitter to fall twice.

What exactly happened?

The API vulnerability in Twitter’s code made it possible for someone to submit large lists of phone numbers and email addresses to a Twitter API endpoint and receive the associated Twitter user ID for each one. That Twitter ID could then be used to gather the data tied to it. With all this information in hand, a threat actor could build a public data profile consisting of details like name, phone number, email, Twitter username, and ID.
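As an added illustration (not code from the article, Twitter or ManageEngine), here is a constructed contact-lookup service that behaves like the enumeration oracle described above, beside a hardened version that honours a per-user discoverability setting and enforces a per-client query quota, so a mass-query run is cut off and surfaced to monitoring. The directory entries, the `discoverable` flag and the quota values are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample directory (not real data): contact identifier -> account record.
# "discoverable" is an assumed per-user setting that permits lookup by phone/email.
ACCOUNTS = {
    "alice@example.com": {"user_id": 1001, "discoverable": True},
    "+15550001111": {"user_id": 1002, "discoverable": False},
    "bob@example.com": {"user_id": 1003, "discoverable": False},
}


def lookup_vulnerable(identifier: str):
    """Enumeration oracle: any known email or phone maps straight to a user ID,
    with no per-client quota and no regard for the user's discoverability setting."""
    record = ACCOUNTS.get(identifier)
    return record["user_id"] if record else None


class HardenedLookup:
    """Contact lookup with two controls: the discoverability setting is honoured,
    and each client may make at most `max_queries` lookups per `window` seconds."""

    def __init__(self, max_queries: int = 20, window: float = 60.0):
        self.max_queries = max_queries
        self.window = window
        self._history = defaultdict(deque)  # client -> timestamps of recent lookups

    def _over_quota(self, client: str, now: float) -> bool:
        recent = self._history[client]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # drop lookups that fell out of the sliding window
        if len(recent) >= self.max_queries:
            return True
        recent.append(now)
        return False

    def lookup(self, client: str, identifier: str, now: float):
        if self._over_quota(client, now):
            return "rate_limited"  # a signal worth alerting on: mass-query behaviour
        record = ACCOUNTS.get(identifier)
        if record is None or not record["discoverable"]:
            return None  # identical answer whether the account is absent or opted out
        return record["user_id"]


def demo():
    svc = HardenedLookup(max_queries=3, window=60.0)
    # Fourth lookup from the same client inside the window is refused.
    return [svc.lookup("client-A", "alice@example.com", t) for t in (0, 1, 2, 3)]
```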

This is exactly what helped the threat actor “Ryushi” carry out this mass-scale attack. Ryushi proceeded to post about their attack on the hacking forum Breached, a site commonly used to sell user data stolen in data breaches. To prove the validity of the attack, Ryushi furnished sample data of over 37 celebrities, politicians, journalists, corporations, and government agencies, including Salman Khan, Sundar Pichai, Alexandria Ocasio-Cortez, Donald Trump Jr., Mark Cuban, Kevin O’Leary, and Piers Morgan.

So, what does this mean for us?

There are over 1.3 billion Twitter accounts in total, and a whopping 450 million plus active monthly users. So, if you happen to have a Twitter account lying around, there is a good chance that your data is now in the hands of a malicious threat actor.

Proving the proverb, “The bigger they are, the harder they fall”, the risk of being on the receiving end of such harmful cyber-attacks increases exponentially when it comes to enterprises or businesses in general. Companies are accountable for all the data of employees, customers, partners and sensitive information like revenue numbers, operational plans, etc.

Data breaches are not to be taken lightly. They can lead not only to huge financial losses but also cause irreparable damage to the opinions people hold about a company. A staggering $277 million fine was imposed on Meta due to a similar data breach attack back in 2021.

In this information age where data has become the modern-day currency, it is more crucial than ever to be wary of our information on the internet and the solutions we use to keep it secured. If there’s one takeaway from all these cyber-attacks happening across the world, it’s that data of any kind must be locked down as securely as possible, to maximise your chances of withstanding the ever-increasing number of security challenges that threat actors bring to your doorstep.

On that note, here are a few safety practices to follow to minimise the probability of your organisation ever being the target of such sophisticated cyber-attacks that target sensitive data.

1) Secure authentication on all fronts 

Enable two-factor authentication (2FA), which requires an additional step to log in to an account, such as entering a code sent to a phone or using a biometric feature like fingerprints or facial recognition. And when it comes to passwords, require a long and unique password for each account and utilise a password manager to store them securely.

2) Keep your software and devices up to date 

Make sure your operating system, web browsers, and other software are up to date with the latest security patches and updates. Most vulnerabilities arise from unpatched applications, so it is important to apply patches as soon as they become available; they protect against known vulnerabilities that could be exploited by attackers. Failing to apply patches can leave a system or application open to attack and can expose sensitive data or allow unauthorised access to the system.

3) Firewall and VPN 

A firewall helps protect your device or network by blocking unauthorised access and only allowing trusted traffic to pass through. When accessing the internet over a public or unsecured network, use a VPN to encrypt your connection and protect your data from being accessed by others on the same network.

4) Asset awareness

Security and management go hand-in-hand when it comes to cyber health. After all, you can secure only what you manage. So have a general visibility of all the devices connected to the network across your organisation.

5) Security tools

Last but not least, your arsenal should contain the appropriate security solutions needed for you to ward off the various kinds of cyberattacks. For example:

  • A dedicated vulnerability management software will help you scan your network for known vulnerabilities and threats and patch endpoints when necessary.
  • Software meant to monitor the list of applications running on your network can help you whitelist the software needed for productivity and blacklist those that might pose a threat.
  • Anti-ransomware solutions help you detect and remove ransomware in your network before they get the chance to unleash their damage on affected endpoints.

Endpoint Central is ManageEngine’s flagship UEMS product that offers end-to-end management and security capabilities for the endpoints under an organisation’s roof—from computers running Windows, macOS, or Linux to mobile devices running Android or iOS. Create custom configurations and security policies, automate repetitive tasks, and take your cyber-security game to the next league with our comprehensive security features that monitor and protect the length and breadth of your organisation’s network.

Learn more about the unified endpoint security features in Endpoint Central and book a free demo with one of our solution experts.
