Personal Details Of 23 Crore Twitter Users Hacked: Users Are At High Risk Because Of These Reasons


Shreya Bose


Jan 07, 2023


235 million Twitter accounts and the email addresses they were registered with were posted on an online hacking forum.


How this can be used

Security experts believe that this data hack poses threats of exposure, arrest or violence against people who spoke out against governments or powerful individuals.

There is also the risk of extortion since the hackers could also use email addresses to reset passwords and take over accounts, especially those not protected by two-factor authentication.

Alon Gal, co-founder of the Israeli security company Hudson Rock, who spotted the posting on a popular underground marketplace, warned that the database could be used not just by hackers, but also by political hacktivists and governments to further weaken security.

Goes back to 2021

These records were likely compiled in late 2021 when outsiders who already had an email address or phone number could search for accounts that had shared it with Twitter.

This happened because of a flaw in Twitter’s system.

An unlimited number of emails or phone numbers could be checked through automated lookups.

Flaw allowing automated lookups

The first time Twitter learned that someone had exploited the flaw was in July when hackers sold 5.4 million account handles, emails and phone numbers.

It said in August that it discovered the vulnerability in January 2022 through its reward program for bug reports.

The vulnerability had been accidentally introduced in a code update seven months before that.

Under heightened scrutiny

Ireland’s Data Protection Commission said last month that the General Data Protection Regulation of the European Union may have been broken.

The fresh batch is likely to intensify that investigation, along with an ongoing U.S. Federal Trade Commission investigation into whether Twitter has been violating consent decrees in which it vowed to better protect user data.

The platform previously stated that it fixed the bug as soon as it was caught, but did not specify how long the process took.

Getting rid of security experts

This happened during a turbulent month in which the business sacked both of its senior security officers.

One of them, Peiter Zatko, who led the information security team, said that Twitter has been grossly unprepared to fend off hacking attempts.

In August 2022, he also filed a formal whistleblower complaint with the Securities and Exchange Commission and testified about the deficiencies in Congress.

History of poor security 

Although the latest data leak is among the biggest ever, it is just the most recent in a string of security lapses that go back more than a decade.

Zatko said that the business has been breaking a 2011 settlement with the FTC over frequent account takeovers.

