The saying 'better late than never' surely applies to Twitter, as the company has finally addressed a security vulnerability, the latest to strike the firm in recent years.
Twitter revealed how it got to the bottom of a bug that was exposing user data belonging to nearly 5.4 million accounts on the app. A number of threat actors managed to bypass the app’s security checkpoints and compile sensitive data.
This information was then offered for sale on a top cybercrime forum, the company’s new report revealed.
Further details showed that the flaw let any individual submit information pertaining to a user account, such as an email ID or a phone number of a known user.
The submitted details were then checked to see whether they were linked to an account on the app, and if they were, the identity of that account was exposed. In this way the technique exposed the user identities of countless accounts.
We came to know of all this on Friday when Twitter revealed the shocking news through a blog post that shed light on the matter.
The statement mentioned that any user who had submitted their email ID or phone number to the app’s systems was liable to have their identity exposed, as the Twitter system was built in a way that allowed this.
It therefore warned against such practices and told people to be aware, making sure they were in the loop about what was going on.
Interestingly, the company revealed how they had actually gone about fixing the bug linked to the same problem in January of this year. But six months down the line, the fact that we’re still speaking about this means that things were either not done properly or the bug really managed to reappear.
The bug’s details and its introduction into Twitter’s codebase were outlined by one researcher, who was awarded $6000 for making the discovery. After that, a report was generated that described in detail how the threat was a serious one for all account holders on the app.
Private account holders were the most at risk, and their information could potentially be used to build an entire database.
We can best recall this incident as similar to the one seen during the later part of 2019, when one security analyst was able to match the phone numbers of almost 17 million users and link them to their respective accounts on the app.
But in this case, we certainly feel the warning by the researcher came a tad too late, as that six-month period was enough for the bug to extract user account details of more than 5 million users, which is a lot of information.
Twitter recently revealed that it only came to know about this exploitation thanks to a press release that was issued last month.
It spoke about Twitter account holders’ data being up for sale on an online forum and that really raised the alarm for many as the site was a renowned cybercrime destination.
People whose data was sold included celebrities and firms, as well as other sought-after personalities from the world of gaming and social media.
Twitter says it is now informing all account holders who may have been affected by the bug.
Clearly, this is one massive incident that has really struck the app greatly in recent times with many users shocked at how easily the bug managed to defeat the security protocols in place.
by Dr. Hura Anwar via Digital Information World