While Twitter does not confirm how many users were affected by an exploit of a vulnerability, the number is thought to be over 5 million.


Threat actors have recently successfully exploited a vulnerability on Twitter and were able to access the database to see the information of account owners. According to the micro-blogging site, there is a risk for users who prefer to stay anonymous on the platform.

In a statement, the company says anyone who has given an email address or phone number is at risk.

“As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,” Twitter warns in a blog post.

It seems the issue stems from the introduction of new code in June 2021. Twitter says this new code was vulnerable and a bug occurred that was initially invisible to the company. Attackers were able to exploit the bug and target the database. Over the course of a campaign, the hackers gathered information on a reported 5.4 million accounts.

It is worth noting Twitter has not confirmed the exact number of compromised accounts, saying in an email to Gadgets 360 that it cannot “determine exactly how many accounts were impacted or the location of the account holders,” but the company does admit the breach was a global-level attack.

Late Fix

Twitter first learned of the bug through its bug bounty program. After an investigation, the company confirmed the vulnerability and issued a patch for it. However, at the time, Twitter was unaware the bug had already been exploited.

“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled,” Twitter says. “After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.”

Twitter says it will inform all account holders who have been affected by the attack. The company says any user who prefers to stay anonymous through a pseudonym should be cautious in preserving their identity.

“To keep your identity as veiled as possible, we recommend not adding a publicly known phone number or email address to your Twitter account,” the social media giant advises. “While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins.”
