A Twitter API vulnerability that was detected in June 2021 and later patched has apparently come back to haunt the organization.
In December 2022, a hacker claimed to have access to the personal data of 400 million Twitter users and to be offering it for sale on dark web markets. And only yesterday, the attacker published the account details and email addresses of 235 million users.
The breached data revealed by the hacker includes account names, handle creation data, follower count, and email addresses of victims. Moreover, threat actors can also design social engineering campaigns to dupe people into handing over their personal data.
Twitter: A Social Engineering Goldmine
Social media giants provide threat actors with a gold mine of user data and personal information that they can use to run social engineering scams.
With just a user name, an email address, and the publicly available contextual information from a user’s profile, a hacker may conduct reconnaissance on a targeted user and create phishing and scam campaigns specifically designed to dupe them into providing personal information.
In this case, while the exposed information was limited to users’ publicly available information, the immense volume of accounts exposed in a single location (Twitter) has in fact provided a “goldmine of information” to the threat actors.