Twitter’s response to the data leak serves as a cautionary tale for bad cybersecurity

The first security incident of the Musk era—a purported data breach that allegedly exposed the contact information of millions of users—finally prompted Twitter to end its silence.

In late December, a poster on a well-known cybercrime forum claimed to have scraped the email addresses and phone numbers of 400 million Twitter users by exploiting a zero-day security hole in Twitter’s systems, a flaw previously held responsible for exposing at least 5 million Twitter accounts before it was fixed in January 2022. A purportedly cleaned-up version of that 400-million-user dataset was reportedly sold later on and contained the email addresses connected to more than 235 million Twitter accounts. The data included information on politicians, journalists, and other public figures, and researchers warned that the email addresses could be used to dox pseudonymous accounts.

Twitter, or what’s left of the company, addressed the issue last week.

Twitter claimed in an unattributed blog post that it had done a “thorough investigation” and had discovered “no evidence” that the data being sold online had been obtained by abusing a flaw in Twitter’s systems. However, finding no evidence does not rule out that data was taken, since it is not clear whether Twitter has the technical means, such as logs, to determine whether any user data was exfiltrated. Instead, the company asserted that hackers had most likely been circulating a collection of data stolen in earlier hacks, and that none of it correlated with data obtained by exploiting the bug that was fixed in January 2022.

Although Twitter’s assertions could very well be accurate, it’s difficult to trust the company. Regulators will be curious about a lot of the same things after seeing Twitter’s inconsistent response, including: Who was given the job of looking into this breach, and does Twitter have the means to do so thoroughly?

An essential lesson in conduct

About Jacob Chambers

As long-time IT enthusiasts, gamers and gadget fanatics, Mark and I have been working in the industry for a long time and we both have a vast experience in dealing with smartphones, tablets, PC and console hardware and everything tech-related. My list of industry insiders is long-enough to allow me to get insights into what's going on in the technology field and provide my readers with interesting and timely updates. I focus on brief, to-the-point reporting, keeping the "bla bla" to a minimum and making sure my readers get easy access to important information and updates. I mainly specialize in Android-based mobile devices, leaving iOS and Apple devices in Mark's capable hands.
