Major Security Flaw Exposes Twitter Accounts        


Twitter has acknowledged that a bug in its code allowed for malicious actors to link accounts with email addresses registered to them, possibly disclosing the identity of their users.

The company late last week revealed the flaw and apologized for the inconvenience stating the issue was remedied immediately.

The vulnerability lay in how Twitter handled unsuccessful log-in attempts. When a user logging in with an email address or phone number entered an incorrect password, Twitter used to do one of two things:

  • Inform the user that they entered the wrong password
  • Display the Twitter account linked to the specified email or phone number (if any exist)

Because the response differed depending on whether the email or phone number was registered, anyone could check which account an address or number belonged to. That meant users of pseudonymous accounts might have had their real identities revealed.
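The flaw described above is an account-enumeration bug: the login response reveals whether an identifier is registered, and which handle it maps to. The following is an added example (not Twitter's code) using a constructed in-memory user store; it contrasts a login routine with that flaw against one that returns a uniform message and does the same amount of work on every path.

```python
import hashlib
import hmac

# Constructed sample user store for this example only: identifier -> (handle, password hash).
_SALT = b"constructed-salt"  # a real system uses a per-user random salt


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "alice@example.com": ("@alice_real", _hash("correct horse")),
    "+15550001111": ("@pseudonym42", _hash("battery staple")),
}
# Dummy hash compared on the miss path so a lookup miss costs the same as a hit.
_DUMMY_HASH = _hash("not-a-real-password")


def login_vulnerable(identifier: str, password: str) -> str:
    """Mirrors the flawed behaviour: the message differs depending on whether the
    identifier is registered, and a wrong password even reveals the linked handle.
    An unauthenticated caller learns which email/phone maps to which account."""
    record = USERS.get(identifier)
    if record is None:
        return "No account found for that email or phone number"
    handle, pw_hash = record
    if hmac.compare_digest(pw_hash, _hash(password)):
        return f"Logged in as {handle}"
    return f"Wrong password for {handle}"


def login_fixed(identifier: str, password: str) -> str:
    """Hardened version: one generic failure message regardless of whether the
    identifier exists or which account it belongs to. The password hash is always
    computed and compared, so response timing does not distinguish the cases."""
    record = USERS.get(identifier)
    handle, pw_hash = record if record is not None else (None, _DUMMY_HASH)
    password_ok = hmac.compare_digest(pw_hash, _hash(password))
    if record is not None and password_ok:
        return f"Logged in as {handle}"
    return "Incorrect email/phone number or password"
```

Rate limiting and lockout on the failure path are still needed; a uniform message only removes the direct oracle shown here.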

In this post, we will discuss what exactly happened with Twitter and how you can protect yourself from cyber-criminals.

Also, check out our blog from last week, where we talk about malware hitting millions of Android users and the Top 5 Apps You Need to Uninstall Right Now.


What Happened?

Numerous apps are exposing their Twitter API keys, giving attackers a way to take full control of the linked Twitter accounts and use them for identity theft or other forms of online fraud.

The issue was discovered by cybersecurity researchers at CloudSEK, who found 3,207 mobile apps leaking valid Consumer Keys and Consumer Secrets for the Twitter API.

Many mobile applications integrate with Twitter so that they can carry out specific actions on behalf of their users. The integration authenticates to the Twitter API with the app's Consumer Key and Consumer Secret. By leaking these credentials, the apps may allow threat actors to post tweets, read and write direct messages, or perform similar actions.

A threat actor could theoretically assemble an “army” of compromised Twitter accounts and use them to tweet, retweet, send direct messages, and otherwise amplify a fraud or malware campaign.


Millions of Downloads

According to the researchers, the apps in question include radio tuners, e-banking, city transportation, and similar apps, each with between fifty thousand and five million downloads.

In other words, there’s a good chance that millions of Twitter accounts are in danger as we speak.

All app owners and developers have been informed, but the majority have done nothing to fix the problem, nor even publicly acknowledged that they were notified of it. According to reports, Ford Motors was one of the businesses that quickly addressed the error, in its Ford Events app.

The list of affected apps won’t be made public until the remaining apps have addressed their problems.

Researchers also noted that mistakes made during app development frequently lead to API key leaks. Developers sometimes embed the authentication keys in the app while integrating the Twitter API and forget to remove them before release, so the keys ship inside the published app and can be extracted by anyone.

To limit the damage from such leaks, Protected Harbor advises developers to rotate their API keys regularly, which eventually invalidates any key that has been exposed, and to keep secrets out of the shipped app in the first place.
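One way developers can catch embedded keys before release is a simple credential scan over the source tree. The following is an added example, not code from CloudSEK or Twitter: it uses a heuristic pattern (identifier names that look like API credentials assigned a long, high-entropy string literal; the names and thresholds are assumptions, not Twitter's documented key format) and runs it over constructed sample Java-style source lines.

```python
import math
import re
from typing import List, Tuple

# Heuristic: an assignment to a credential-looking identifier with a quoted
# literal of 16+ characters. Identifier names are assumptions about typical app code.
_CRED_NAME = r"(?:consumer|api|client)[_-]?(?:key|secret)|access[_-]?token(?:[_-]?secret)?"
PATTERN = re.compile(
    rf"(?P<name>\w*(?:{_CRED_NAME})\w*)\s*[=:]\s*[\"'](?P<value>[A-Za-z0-9_\-]{{16,}})[\"']",
    re.IGNORECASE,
)
# Values that are obviously placeholders rather than real secrets.
PLACEHOLDER = re.compile(r"^(?:your|insert|xxx|todo|changeme|example)", re.IGNORECASE)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking keys score high, 'aaaa...' scores 0."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_source(lines: List[str], min_entropy: float = 3.0) -> List[Tuple[int, str, str]]:
    """Return (line_no, identifier, masked_value) for lines that look like embedded
    credentials. Placeholders and low-entropy literals are skipped to cut noise."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = PATTERN.search(line)
        if not m:
            continue
        value = m.group("value")
        if PLACEHOLDER.match(value) or shannon_entropy(value) < min_entropy:
            continue
        hits.append((n, m.group("name"), value[:4] + "..." + value[-2:]))  # never log the full secret
    return hits


# Constructed sample source; the credential values are made up for this example.
SAMPLE_SOURCE = [
    "public class TwitterConfig {",
    "    // CONSTRUCTED sample credentials for this example only",
    '    static final String CONSUMER_KEY = "q7Hs9kL2pZx4Vb8nT1mWc3Yd6";',
    '    static final String CONSUMER_SECRET = "Fj3kLm9PqR2sTv5wXy8zAb1cDe4fGh7iJk0lMn3oPq6rSt9uV";',
    '    static final String API_KEY = "YOUR_API_KEY_HERE_REPLACE";',
    '    static final String APP_NAME = "RadioTunerPlus";',
    '    static final String ACCESS_TOKEN = "aaaaaaaaaaaaaaaaaaaaaaaa";',
    "}",
]

if __name__ == "__main__":
    for line_no, name, masked in scan_source(SAMPLE_SOURCE):
        print(f"line {line_no}: possible embedded credential {name} = {masked}")
```

Running such a check in CI or as a pre-commit hook turns the "forgot to remove it" mistake into a build failure rather than a public leak.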


Final Words

In today’s technological landscape, you must take the proper steps to protect yourself and your family. Keep track of the latest scams and what you can do to keep yourself safe from cyber-criminals. If you feel you have been the victim of a scam, report it immediately.

Experts from Protected Harbor recommend that you:

  • Stay informed about the latest threats and vulnerabilities and keep your software up to date.
  • Don’t click on links in suspicious emails.
  • Don’t download apps from untrusted websites.
  • Change your passwords regularly.
  • Use a VPN when using public Wi-Fi.
  • Uninstall any and all harmful apps immediately.
  • Think before you allow any app permission or access to your files.
  • Enable 2FA (2-Factor Authentication).
  • Use trusted anti-virus software.

Stay vigilant, keep your privacy settings high, and you can keep your accounts secure.

We are giving away a free IT Audit for a limited time, contact us today for one. Stay updated with the latest news with our blogs and other resources, and keep a keen eye on your social media accounts. Stay Safe!

Protected Harbor’s COVID-19 Response

Protected Harbor manages IT for a variety of small, medium and large companies. Due to the COVID-19 outbreak, virtually every one of our clients decided to, or was forced to, work from home. These requests came from all our clients at the same time, over a matter of days.
Thanks to our infrastructure design and the responsiveness of our staff, Protected Harbor was able to migrate our clients to working from home within hours of the request, with minimal or no interruption to their business.
Also, support costs for clients working from home are included in our base price, which is a flat monthly rate, so none of our clients experienced a rise in IT costs.
If you are struggling to migrate your business to work from home, please call Protected Harbor at 201-957-1616.
Protected Harbor also offers businesses Cloud Services, Network Management, Ransomware and Security Protection, Disaster Recovery and more.