EFFECTED USERS: Twitter Users, Non-Twitter Users, and System Administrators (Large and Small)
Hair of fire 2 of 5
SUMMARY: Hackers stole information from Twitter – one of over 4,100 data Breaches in 2022
Why do hackers want personal data, regardless if it is your complete profile or not?
- Assemble data fragments from multiple sources
- Identity theft
According to Bleeping computer:
In January 2022, Twitter received a report through its bug bounty program that an API vulnerability allows an attacker to feed email addresses or phone numbers and get an associated Twitter ID for a registered account. As members’ phone numbers and email addresses are not meant to be public, this could pose a significant privacy risk for Twitter users who wish to post anonymously. By the time Twitter remediated the problem, a threat actor had already leveraged the API vulnerability to input millions of email addresses and phone numbers to create 5.4 million user profiles consisting of public and non-public data.
How many breaches? According to Cybersecurity Hub,
More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent.
What can you do about it?
- Assume your data is stolen
- Monitor your credit report
- Put freezes on your credit report
Here with me to discuss this today is Jonathan (“Joni”) Roizin. Joni is a leading cybersecurity expert who served as an officer in the elite 8200 intelligence unit in the IDF, led the investigations of multiple Fortune 500 data breaches at Sygnia, and is currently Co-Founder and CEO of Flow Security. Welcome Jonathan.
What did Twitter do wrong?
Why is data security getting so difficult for companies to manage?
- Know what data you have.
- Who Has Access
- Map Data Flows – who owns it
- Mapping the risk
- multiple people touch/analyses product
DSPM – Data security Posture Management (link to definition)
His Company LinkedIn page is: https://linkedin.com/company/flowsecurity
His LinkedIn Profile is: https://www.linkedin.com/in/jonathan-roizin/
His company’s webpage is: https://www.flowsecurity.com/
His Company Blog is: https://www.flowsecurity.com/gartner-dspm/
His email address is jonathan (at) flowsecurity.com
That’s all the time we have!
Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io
Thanks for listening