In January, cybersecurity researchers at HackerOne warned of a vulnerability with Twitter that could allow an attacker to acquire the phone number and/or email address associated with user accounts – even if the user had hidden those fields in the platform’s privacy setting. Twitter responded to the vulnerability with a patch. However, it has been reported this month that Breach Forums is selling the database. Breach Forums is a hacker forum on the dark web.

HackerOne reports that the database had 5.4 millions users. It also contained datasets for businesspeople, politicians, and celebrities. Breach Forums’ owner reportedly confirmed the authenticity of leaked data.

Timothy Morris, a technology strategist for cybersecurity company Tanium, said via email, “This is just another confirmation that privacy can be an illusion for most of the time.”

Morris explained that this vulnerability can expose an individual’s non-attributable Twitter accounts or aliases. “It’s concerning, especially for those in sensitive situations, such as crime victims, political activists/dissidents, and those under the thumb of oppressive regimes. While the situation was appropriately disclosed and resolved, Twitter accounts and identities were a highly-coveted commodity. These can be used in order to compromise systems or cause chaos in individuals’ personal lives. There are likely to be more vulnerabilities that can give access to the same information, and it is reasonable to anticipate this trend continuing.

A Facebook Attack Also Hit

It isn’t just Twitter that is in the news this week for a cybersecurity-related issue. Researchers revealed that the new “Ducktail” malware attack has targeted employees and individuals with access to Facebook Business accounts.

It steals cookies from browsers and uses authenticated Facebook sessions as a way to access the victim’s information. The malware is capable of hijacking any Facebook Business account.

Chris Clements from Cerberus Sentinel, Vice President for Solutions Architecture, stated that cybercriminals will be looking to find new ways to make ill-gotten financial profits as companies become more alert and resistant to ransomware attacks.

Clements said that similar attacks have been made on social media accounts in the past, such as that of Elon Musk’s July 2020 Twitter hack. He tweeted out scams and malware from compromised accounts. However, the targeted approach to targeting Facebook business accounts was a novel one. Contrary to previous social media hacking which made itself very obvious by publishing links to malware and scams, this campaign is stealthier. It aims to change ad spends, or even introduce fraud.

Experts recommend that companies looking to secure themselves need to adopt a culture of cybersecurity that takes into account all possible threats. This includes social media accounts.

Clements stated that social media accounts often get managed by PR and marketing departments without the oversight of cybersecurity teams. “This is because they are not able to make sure accounts have strong passwords, multifactor authentication and real-time monitoring capabilities in order to detect compromise.” Clements explained that businesses …read more

Source:: Social Media Explorer

Author: Aaron