Major Security Flaw Exposes Twitter Accounts
Twitter has acknowledged that a bug in its code allowed malicious actors to link Twitter accounts to the email addresses and phone numbers registered to them, potentially exposing the real identity of users behind pseudonymous accounts.
The company disclosed the flaw late last week and apologized, stating that the issue was fixed as soon as it was identified.
The vulnerability lay in how Twitter handled unsuccessful log-in attempts, and Twitter says it was exploited before the fix. When someone tried to log in with an email address or phone number and entered the wrong password, Twitter would do one of two things:
- Tell them that the password was wrong (if no account was linked to that email or phone number)
- Reveal which Twitter account was linked to the specified email address or phone number (if one existed)
The second response is an account-enumeration oracle: anyone holding a list of email addresses or phone numbers could feed them in and learn which Twitter handle each one belonged to, without ever knowing a password. Users of pseudonymous accounts may therefore have had their identities revealed.
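To make the enumeration concrete, here is an added example (not Twitter's code, and simplified for illustration): a "leaky" login handler that behaves as the post describes, a hardened handler that returns the same message and does the same amount of password-hashing work whether or not the identifier exists, and a small probe that shows which of the two can be abused to map identifiers to accounts. The user records, handles and passwords are constructed for the demo; the password hashing uses PBKDF2 from the standard library purely so the timing side of the comparison is realistic.

```python
import hashlib
import hmac

_SALT = b"demo-salt-not-for-production"   # constructed: one shared salt keeps the demo short
_ITERATIONS = 50_000


def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Slow password hash (PBKDF2-HMAC-SHA256) so both branches do real work."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Constructed demo user store: identifier (email or phone) -> (handle, salt, hash).
_USERS = {
    "alice@example.com": ("@alice_real", _SALT, _pbkdf2("correct horse", _SALT)),
    "+15550100": ("@anon_whistleblower", _SALT, _pbkdf2("hunter2", _SALT)),
}
# Dummy hash compared against when the identifier is unknown, so the hardened
# handler spends the same time on unknown and known identifiers.
_DUMMY_HASH = _pbkdf2("dummy", _SALT)


def login_leaky(identifier: str, password: str) -> dict:
    """Pre-fix behaviour as the post describes it: an unknown identifier and a
    wrong password for a known identifier produce different responses, and the
    latter names the linked account."""
    rec = _USERS.get(identifier)
    if rec is None:
        return {"ok": False, "msg": "No account is linked to that email or phone number"}
    handle, salt, stored = rec
    if hmac.compare_digest(_pbkdf2(password, salt), stored):
        return {"ok": True, "msg": f"Welcome {handle}"}
    return {"ok": False, "msg": f"Wrong password for {handle}"}


def login_uniform(identifier: str, password: str) -> dict:
    """Hardened: one generic failure message, and a PBKDF2 computation on
    every request, so neither the message nor the latency reveals whether
    the identifier exists."""
    rec = _USERS.get(identifier)
    handle, salt, stored = rec if rec else (None, _SALT, _DUMMY_HASH)
    match = hmac.compare_digest(_pbkdf2(password, salt), stored)
    if rec is not None and match:
        return {"ok": True, "msg": f"Welcome {handle}"}
    return {"ok": False, "msg": "Invalid credentials"}


def enumeration_oracle(login, identifiers, wrong_password="not-the-password"):
    """Probe a login handler the way an attacker would: compare each failure
    response with the response for an identifier that certainly does not
    exist, and return every identifier whose response differs (i.e. that the
    handler implicitly confirms as registered)."""
    baseline = login("nobody@invalid.example", wrong_password)["msg"]
    return [i for i in identifiers if login(i, wrong_password)["msg"] != baseline]


if __name__ == "__main__":
    probe = ["alice@example.com", "+15550100", "bob@example.com"]
    print("leaky handler confirms:", enumeration_oracle(login_leaky, probe))
    print("uniform handler confirms:", enumeration_oracle(login_uniform, probe))
```

The same discipline applies to sign-up and password-reset flows: "that email is already registered" is the same oracle in a different form. Rate limiting and CAPTCHA raise the cost of bulk probing but do not remove the leak; only a uniform response does.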
In this post, we discuss what exactly happened with Twitter and how you can protect yourself from cyber-criminals.
Also, check out last week's blog, where we discuss malware hitting millions of Android users and the top 5 apps you need to uninstall right now.
Separately, thousands of mobile apps are exposing their Twitter API keys, giving attackers a way to take over the linked Twitter accounts and use them for identity theft or other forms of online fraud.
The issue was discovered by cybersecurity researchers at CloudSEK, who found 3,207 mobile apps leaking valid Twitter API Consumer Keys and Consumer Secrets.
Many mobile applications integrate with Twitter so that they can carry out specific tasks on behalf of their users. The app authenticates to the Twitter API with its Consumer Key and Consumer Secret, which identify and authorize the app. When those credentials are shipped inside the app package, anyone who unpacks the app can extract them and call the API as that app: post tweets, read and write direct messages, and so on.
A threat actor could therefore assemble an "army" of hijacked Twitter accounts and use them to tweet, retweet and send direct messages, or otherwise spread a fraud or malware campaign.
Millions of Downloads
According to the researchers, the affected apps include radio tuners, e-banking and city transportation apps, each with between fifty thousand and five million downloads.
In other words, there is a good chance that millions of Twitter accounts are at risk right now.
All app owners and developers have been informed, but the majority have done nothing to fix the problem, nor publicly acknowledged that they were notified. According to reports, Ford was one of the companies that quickly fixed the error in its Ford Events app.
The list of affected apps will not be made public until the remaining apps have addressed the problem.
The researchers also noted that API key leaks are usually the result of mistakes made during development: developers embed the Twitter credentials in the app while building and testing it and forget to remove them before release.
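The check below is an added example (not CloudSEK's tooling) of the kind of pre-release scan a developer or pentester can run over an unpacked app, for instance the `res/values/strings.xml` and decompiled sources produced by apktool, to catch exactly this mistake. The credential formats are heuristic patterns of the sort secret scanners use for Twitter keys (an assumption, not a format Twitter publishes), and the input is a constructed fragment of decoded app resources and source with invented key values.

```python
import re

# Heuristic shapes for Twitter API credentials (assumed, as used by common
# secret scanners): a 25-char consumer key, a 50-char consumer secret, an
# access token of "<numeric user id>-<token>", and a 45-char access token secret.
# Each pattern requires a nearby key-like name so random 25-char strings are not flagged.
PATTERNS = {
    "consumer_key": re.compile(
        r"(?i)(?:consumer[_-]?key|api[_-]?key)\W{0,5}(?P<v>[A-Za-z0-9]{25})\b"),
    "consumer_secret": re.compile(
        r"(?i)(?:consumer[_-]?secret|api[_-]?secret)\W{0,5}(?P<v>[A-Za-z0-9]{50})\b"),
    "access_token": re.compile(
        r"(?i)access[_-]?token\W{0,5}(?P<v>[0-9]{7,20}-[A-Za-z0-9]{20,45})\b"),
    "access_token_secret": re.compile(
        r"(?i)access[_-]?token[_-]?secret\W{0,5}(?P<v>[A-Za-z0-9]{45})\b"),
}

# Constructed sample: a mix of decoded strings.xml entries and a Java constant
# block, with invented credential values. Nothing here is a real key.
SAMPLE_STRINGS = """\
<string name="app_name">Demo Radio</string>
<string name="twitter_consumer_key">Ab1Cd2Ef3Gh4Ij5Kl6Mn7Op8Q</string>
<string name="twitter_consumer_secret">Qz9Yx8Wv7Ut6Sr5Pq4On3Ml2Kj1Ih0Gf9Ed8Cb7Az6Yx5Wv4Ut</string>
static final String ACCESS_TOKEN = "123456789012345-AbCdEfGhIjKlMnOpQrStUvWxYz0123";
static final String ACCESS_TOKEN_SECRET = "Zy1Xw2Vu3Ts4Rq5Po6Nm7Lk8Ji9Hg0Fe1Dc2Ba3Zy4Xw5";
<string name="build_id">Ab1Cd2Ef3Gh4Ij5Kl6Mn7Op8Q</string>
<string name="api_key_prod">short</string>
"""


def redact(value: str) -> str:
    """Keep only the first and last four characters so a report can be shared."""
    return value[:4] + "..." + value[-4:]


def scan_for_twitter_credentials(text: str):
    """Return (kind, line_number, redacted_value) for every credential-looking
    value that sits next to a key-like name in the given text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append((kind, line_no, redact(m.group("v"))))
    return hits


if __name__ == "__main__":
    for kind, line_no, value in scan_for_twitter_credentials(SAMPLE_STRINGS):
        print(f"line {line_no}: {kind} = {value}")
```

On a real app, point the scanner at the output of `apktool d app.apk` (both `res/` and `smali/`) or at `strings` over `classes.dex`. Note that the `build_id` line carries a 25-character value but is not flagged, because there is no key-like name beside it; conversely, a key that has been renamed to something innocuous will be missed, which is why the durable fix is to keep the consumer secret server-side and never ship it in the client at all. Any credential that has shipped in a public build should be treated as compromised and rotated.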
In today’s technological landscape, you must take the proper steps to protect yourself and your family. Keep track of the latest scams and what you can do to keep yourself safe from cyber-criminals. If you feel you have been the victim of a scam, report it immediately.
Experts from Protected Harbor recommend that you:
- Stay informed about the latest threats and vulnerabilities and keep your software up to date.
- Don’t click on links in suspicious emails.
- Don’t download apps from untrusted websites.
- Change your passwords regularly.
- Use a VPN when using public Wi-Fi.
- Uninstall any and all harmful apps immediately.
- Think before you allow any app permission or access to your files.
- Enable two-factor authentication (2FA), preferably with an authenticator app or security key rather than SMS.
- Use trusted anti-virus software.
Stay vigilant, keep your privacy settings high, and you can keep your accounts secure.
We are giving away a free IT Audit for a limited time, contact us today for one. Stay updated with the latest news with our blogs and other resources, and keep a keen eye on your social media accounts. Stay Safe!