In January, cybersecurity researchers from HackerOne warned about the vulnerability of some social networks.
Even if a user has disabled certain fields in the platform’s privacy settings, cybersecurity experts at HackerOne warned of a vulnerability with Twitter in January that may allow an attacker to obtain the phone number and/or email address linked with user accounts. Twitter had offered a fix in response, but it was discovered this month that the database is now being offered for sale on Breach Forums, a well-known hacker community on the sinister Dark Web.
The database, which had 5.4 million members, purportedly contained information on corporations, politicians, and celebrities, according to HackerOne. The veracity of the material that was disclosed was purportedly confirmed by Breach Forums’ owner.
The majority of the time, privacy is an illusion, Timothy Morris, a technology strategist with the cybersecurity company Tanium, cautioned in an email.
This fact is powerfully shown by the vulnerability’s capacity to reveal aliases or anonymous Twitter identities, according to Morris. “It’s alarming, particularly for individuals in delicate circumstances like crime victims, political activists and dissidents, and people living under repressive regimes. The fact that Twitter handles and identities are a sought-after commodity that may be exploited to breach other systems or cause havoc in someone’s personal life despite the fact that the finding in this case was appropriately publicized and rectified. It’s realistic to anticipate that this tendency will continue because it’s possible that there are still more vulnerabilities hidden from view that would grant comparable access.”
Also Affected by an Attack Was Facebook
This week’s cybersecurity-related news involves more than simply Twitter. Additionally, researchers revealed that a fresh malware campaign known as “Ducktail” has been focusing on people and staff members who have access to a Facebook Business account.
Because it harvests browser cookies and makes use of authorized Facebook sessions to access the victim’s account, this specific virus is particularly cunning. In the end, it may take over any Facebook Business account.
