#59 – Effects of Twitter’s Massive Data Breach (And What You Can Do)



AFFECTED USERS: Twitter Users, Non-Twitter Users, and System Administrators (Large and Small)

Hair on fire 2 of 5

SUMMARY: Hackers stole information from Twitter – one of over 4,100 data breaches in 2022

Why do hackers want personal data, regardless of whether it is your complete profile?

  • Assemble data fragments from multiple sources
  • Identity theft

What happened:

According to BleepingComputer:

In January 2022, Twitter received a report through its bug bounty program that an API vulnerability allows an attacker to feed email addresses or phone numbers and get an associated Twitter ID for a registered account. As members’ phone numbers and email addresses are not meant to be public, this could pose a significant privacy risk for Twitter users who wish to post anonymously. By the time Twitter remediated the problem, a threat actor had already leveraged the API vulnerability to input millions of email addresses and phone numbers to create 5.4 million user profiles consisting of public and non-public data.

SOURCE: https://www.bleepingcomputer.com/news/security/twitter-confirms-recent-user-data-leak-is-from-2021-breach/amp/

How many breaches? According to Cybersecurity Hub,

More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent.

SOURCE: https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-2022

What can you do about it?

Here with me to discuss this today is Jonathan (“Joni”) Roizin.  Joni is a leading cybersecurity expert who served as an officer in the elite 8200 intelligence unit in the IDF, led the investigations of multiple Fortune 500 data breaches at Sygnia, and is currently Co-Founder and CEO of Flow Security.  Welcome Jonathan.

What did Twitter do wrong?

Why is data security getting so difficult for companies to manage?

OLD WAY:

  • Know what data you have.
  • Who Has Access
  • Map Data Flows – who owns it
  • Mapping the risk

NEW RISKS:

  • Multiple people touch/analyze product

DSPM – Data Security Posture Management

 

His company LinkedIn page is: https://linkedin.com/company/flowsecurity

His LinkedIn Profile is: https://www.linkedin.com/in/jonathan-roizin/

His company’s webpage is: https://www.flowsecurity.com/

His company blog is: https://www.flowsecurity.com/gartner-dspm/

His email address is jonathan (at) flowsecurity.com

 

RESOURCES

That’s all the time we have!

Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io

Thanks for listening

Published by


David W. Schropfer

David W. Schropfer is a technology executive, author, and speaker with deep expertise in cybersecurity, artificial intelligence, and quantum computing. He currently serves as Executive Vice President of Operations at DomainSkate, where he leads growth for an AI-driven cybersecurity threat intelligence platform. As host of the DIY Cyber Guy podcast, David has conducted hundreds of interviews with global experts, making complex topics like ransomware, AI, and quantum risk accessible to business leaders and consumers. He has also moderated panels and delivered keynotes at major industry events, known for translating emerging technologies into actionable insights. David’s entrepreneurial track record includes founding AnchorID (SAFE), a patented zero-trust mobile security platform. He previously launched one of the first SaaS cloud products at SoftZoo.com, grew global telecom revenue at IDT, and advised Fortune 500 companies on mobile commerce and payments with The Luciano Group. He is the author of several books, including Digital Habits and The SmartPhone Wallet, which became an Amazon #1 bestseller in its category. David holds a Master of Business Administration from the University of Miami and a Bachelor of Arts from Boston College.
