#59 – Effects of Twitter’s Massive Data Breach (And What You Can Do)


AFFECTED USERS: Twitter Users, Non-Twitter Users, and System Administrators (Large and Small)

Hair of fire 2 of 5

SUMMARY: Hackers stole information from Twitter – one of over 4,100 data breaches in 2022

Why do hackers want personal data, regardless of whether it is your complete profile?

  • Assemble data fragments from multiple sources
  • Identity theft

What happened:

According to BleepingComputer:

In January 2022, Twitter received a report through its bug bounty program that an API vulnerability allows an attacker to feed email addresses or phone numbers and get an associated Twitter ID for a registered account. As members’ phone numbers and email addresses are not meant to be public, this could pose a significant privacy risk for Twitter users who wish to post anonymously. By the time Twitter remediated the problem, a threat actor had already leveraged the API vulnerability to input millions of email addresses and phone numbers to create 5.4 million user profiles consisting of public and non-public data.

SOURCE: https://www.bleepingcomputer.com/news/security/twitter-confirms-recent-user-data-leak-is-from-2021-breach/amp/

How many breaches? According to Cybersecurity Hub,

More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent.

SOURCE: https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-2022

What can you do about it?

Here with me to discuss this today is Jonathan (“Joni”) Roizin. Joni is a leading cybersecurity expert who served as an officer in the elite 8200 intelligence unit in the IDF, led the investigations of multiple Fortune 500 data breaches at Sygnia, and is currently Co-Founder and CEO of Flow Security. Welcome, Jonathan.

What did Twitter do wrong?

Why is data security getting so difficult for companies to manage?

OLD WAY:

  • Know what data you have.
  • Who Has Access
  • Map Data Flows – who owns it
  • Mapping the risk

NEW RISKS:

  • Multiple people touch/analyze product

DSPM – Data Security Posture Management (link to definition)

 

His Company LinkedIn page is: https://linkedin.com/company/flowsecurity

His LinkedIn Profile is: https://www.linkedin.com/in/jonathan-roizin/

His company’s webpage is: https://www.flowsecurity.com/

His Company Blog is: https://www.flowsecurity.com/gartner-dspm/

His email address is jonathan (at) flowsecurity.com

 

RESOURCES

That’s all the time we have!

Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io

Thanks for listening

Published by

David W. Schropfer

David W. Schropfer is the CEO of SAFE (Smartphone Authentication For Everyone), a cybersecurity company in New York (www.theSafe.io).  Every day, he and his team of professionals keep the people who use The SAFE Button protected from some of the most common traps, hacks and attacks that target computer systems of all sizes. David is the author of the bestselling cybersecurity book, Digital Habits: 5 Simple Tips to Help Keep You and Your Information Safe Online. His previous books, including The Smartphone Wallet and industry whitepapers, predicted some of the biggest trends in the payments, mobile, and security industries.  Since graduating Boston College, David earned an Executive MBA from the University of Miami.